Microsoft: data leak

There was a big one στη Microsoft, και τα δεδομένα των πελατών της εταιρείας ήταν πιθανώς δημόσια προσβάσιμα. Μια εταιρεία ασφαλείας ανακάλυψε έναν λάθος ρυθμισμένο διακομιστή με τα δεδομένα ελεύθερα στο Διαδίκτυο και ενημέρωσε τη Microsoft τον Σεπτέμβριο.

The event may have affected some of Microsoft's customers, whose email addresses may have been leaked along with other data.

leak

Security researcher Kevion Beaumond announced the incident to Microsoft in a series of tweets.

https://twitter.com/GossiTheDog/status/1582819993263099905

Security company SOCRadar searches for open servers on the Internet with the BlueBleed project. In September 2022, it also discovered misconfigured Microsoft servers that were accessible over the Internet. Security researchers published the article Sensitive Data of 65,000+ Entities in 111 Countries Leaked due to a Single Misconfigured Data Bucket, but without naming the company:

"Η SOCRadar ανακάλυψε ότι ευαίσθητα δεδομένα 65.000 οντοτήτων έγιναν δημόσια λόγω εσφαλμένης διαμόρφωσης διακομιστή. Η διαρροή περιλαμβάνει έγγραφα απόδειξης εκτέλεσης (PoE) και δήλωσης εργασίας (SoW), user data, product orders/offers, project details, PII (Personally Identifiable Information) data and documents that could indicate intellectual property.

After SOCRadar alerted the company to the issue, Mr ασφαλίστηκε αμέσως. Η Microsoft δημοσίευσε το άρθρο Regarding Misconfigured Microsoft Storage Location regarding this incident. Confirms that it was notified by SOCRadar security researchers about a configured Microsoft endpoint on September 24, 2022.

This misconfiguration resulted in unauthenticated access to some business transaction data, the researchers report. These are transactions related to interactions between Microsoft and customers, such as the design or possible implementation and development of Microsoft services.

Business transaction data included names, email addresses, email content, company names, phone numbers, and possibly file attachments related to transactions between a customer and Microsoft or an authorized Microsoft partner. The issue was caused by an unintentional misconfiguration on an endpoint that is not used by Microsoft.

Microsoft said it found no evidence that customer accounts or systems had been compromised. Microsoft reportedly notified affected customers directly about the incident. However, you can give your own domain to BlueBleed page για να μάθετε εάν έχετε επηρεαστεί από την παραβίαση .

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.
Microsoft, data leak

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).