A massive Microsoft data leak made around 2.4 TB of data from more than 65,000 companies publicly visible for a while. The reason was an incorrectly configured server. In the meantime, however, the gap has been closed again.
Microsoft data leak: 65,000 companies affected
Around 2.4 terabytes of sensitive data from over 65,000 companies were unprotected and publicly viewable in a Microsoft data leak. The reason was a configuration error on a server, Microsoft said in a blog post.
Sensitive data such as user information, product orders and offers, project details, personal data and private documents were visible. 65,000 companies from 111 countries were said to be affected, according to the report by security firm SOC Radar.
Microsoft, however, clarifies that the bug is not a security vulnerability. The leak is due to a misconfiguration in a final product, which is not used in the entire Microsoft ecosystem. Therefore, other data stores were not affected and there was no risk, he said.
SOC Radar had already informed the company about the data leak on September 24, whereupon it was immediately closed by Microsoft. Now, access to the data is only possible from use who have the appropriate authentication.
Microsoft considers numbers exaggerated
“We appreciate that SOC Radar informed us about the misconfigured endpoint, but after reviewing their blog post, we first want to note that SOC Radar massively exaggerated the extent of the problem,” Microsoft elaborates.
According to the company’s own investigation, the analysis of the data revealed many duplicates referring to the same emails, projects and users. Microsoft also criticizes the public search tool set up by the security company. It was not in the spirit of data security for customers, it said.
According to the experts, the Microsoft data leak included data from 2017 to 2022. Affected companies were informed via the Message Center tool. Those who did not receive a message there were and are therefore on the safe side.
In February 2022, it became known that an old and critical vulnerability in Microsoft Windows could still be exploited. In May, a critical zero-day vulnerability in Microsoft Office was also discovered.
No replies yet
Neue Antworten laden...
Gehört zum Inventar
Beteilige dich an der Diskussion in der Basic Tutorials Community →