Upcoming Webinar
Understand How Your Peers Approach AD Forest Recovery
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
Unlocking the Secrets of App Security!
In this episode of UnplugIT, Stephen Rose talks to IT expert and technology engineer Sean Hurley about how to secure apps in the cloud.
Essential Eight + Microsoft 365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.
UK Ransomware Guidelines + M365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.

Microsoft Confirms Customer Data Breach Caused by Misconfigured Server

Microsoft has published an advisory about a server misconfiguration that may have compromised the sensitive data of some potential customers. The leak, dubbed “BlueBleed,” was first discovered by security researchers at threat intelligence firm SOCRadar on September 24.

The Microsoft Security Response Center explained that the misconfigured Azure Blob Storage instance made data related to the interactions between Microsoft and potential clients publicly accessible. The breach exposed confidential information like the customer’s name, email address, email content, file attachments, organization name, and contact numbers.

“The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.  We are working to improve our processes to further prevent this type of misconfiguration and performing additional due diligence to investigate and ensure the security of all Microsoft endpoints,” the company explained.

Microsoft disputes the scope of the BlueBleed data leak

Notably, Microsoft claims that the security firm exaggerated the facts and declared it one of the largest B2B data breaches that affected over 65,000 entities in 111 countries worldwide. However, the company analyzed the data set and found duplicate information about users, email addresses, and projects.

Microsoft notes that it’s an attempt by SOCRadar to promote its threat detection tool, “BlueBleed,” which could make organizations vulnerable to security risks. It advises that security companies developing similar solutions should design a good verification process to ensure data protection.

As of now, Microsoft has found no evidence that the issue compromised customer accounts or endpoints. The company has already patched the security issue, and the endpoint can now be accessed through the required authentication. Microsoft has also notified impacted customers about this breach via a Microsoft 365 Admin Center message.

by Rabia Noureen
Oct 20, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Making Microsoft Azure Penetration Testing Work to Combat Threats

Nov 21, 2023
Azure VMware Solution – Maximizing Security and Control with Customer-Managed Keys

Oct 3, 2023
Oct 10, 2023
Top Azure Cloud Security Controls to Understand

Oct 31, 2023
Jan 08, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.