Microsoft Confirms Customer Data Breach Caused by Misconfigured Server


Microsoft has published an advisory about a server misconfiguration that may have compromised the sensitive data of some potential customers. The leak, dubbed “BlueBleed,” was first discovered by security researchers at threat intelligence firm SOCRadar on September 24.

The Microsoft Security Response Center explained that the misconfigured Azure Blob Storage instance made data related to the interactions between Microsoft and potential clients publicly accessible. The breach exposed confidential information like the customer’s name, email address, email content, file attachments, organization name, and contact numbers.

“The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.  We are working to improve our processes to further prevent this type of misconfiguration and performing additional due diligence to investigate and ensure the security of all Microsoft endpoints,” the company explained.

Microsoft disputes the scope of the BlueBleed data leak

Notably, Microsoft claims that the security firm exaggerated the facts and declared it one of the largest B2B data breaches that affected over 65,000 entities in 111 countries worldwide. However, the company analyzed the data set and found duplicate information about users, email addresses, and projects.

Microsoft notes that it’s an attempt by SOCRadar to promote its threat detection tool, “BlueBleed,” which could make organizations vulnerable to security risks. It advises that security companies developing similar solutions should design a good verification process to ensure data protection.

As of now, Microsoft has found no evidence that the issue compromised customer accounts or endpoints. The company has already patched the security issue, and the endpoint can now be accessed through the required authentication. Microsoft has also notified impacted customers about this breach via a Microsoft 365 Admin Center message.