Saturday, December 2, 2023

Microsoft Data Leak – 2.4TB of 65,000+ Companies Data Leaked Online

Recently, Microsoft has confirmed that due to a misconfiguration of Microsoft server multiple sensitive information about some of Microsoft’s customers was exposed over the internet.

A total of over 65,000 leaked entities were detected by SOCRadar in this leak, which has now become public.

Security researchers from SOCRadar, a company that specializes in threat intelligence, alerted Microsoft on September 24, 2022, that there had been a leak on the server. However, after getting notified, Microsoft immediately secured the leaked server.

Data leak

A list of the exposed information is provided by Microsoft and includes the following information:-

  • Names
  • Email addresses
  • Email content
  • Company name
  • Phone numbers
  • Business files

On the endpoint where the leak was discovered, a misconfiguration was unintentionally made, which led to the leak. The leak has not occurred as a result of a security vulnerability, so it cannot be blamed on that.

The cybersecurity analysts have identified information for more than 150,000 companies from 123 countries in six large public buckets.

In order to better track the intelligence around these leaks, SOCRadar researchers have named these leaks “BlueBleed”. There was no further detail provided by Microsoft about this data leak, as they abstained from sharing any additional information.

With the help of exposed information, threat actors could perform the following illicit activities to take advantage of that information:-

  • Extortion
  • Blackmail
  • Social engineering

While this was revealed by SOCRadar’s report, which showed the data was found to be stored on a misconfigured Azure Blob Storage area.

It has been determined that there are more than 65,000 entities associated with the cluster of leaked sensitive data from 111 different countries. There were files that contained all these leaked data, and all of them were dated from 2017 to August 2022.

A SOCRadar investigation has resulted in the discovery of 2.4 TB of publicly available information containing sensitive Microsoft information as a result of:-

  • Misconfigured server
  • SQLServer databases
  • Other files

Furthermore, there has been a great deal of data discovered from leaks so far, including:-

  • Over 335,000 emails
  • Over 133,000 projects
  • Over 548,000 exposed users

Exposed Files

The misconfigured buckets have exposed a variety of files, such as the following:-

  • POE documents
  • SOW documents 
  • Invoices
  • Product orders
  • Product offers
  • Project details
  • Signed customer documents
  • POC (Proof of Concept) works
  • Customer emails (as well as .EML files)
  • Customer product price list and customer stocks
  • Internal comments for customers (High risk etc.)
  • Sales strategies
  • Customer asset documents
  • Partner ecosystem details


Here below, we have mentioned all the recommendations:-

  • Control and manage external-facing endpoints by mapping out your attack surface. 
  • Consider applying a shared responsibility model in your organization.
  • Make your environments more secure and manageable with identity and access solutions.
  • It is recommended that you use a shared access signature token.
  • Make sure that your data is encrypted when it is not in use.
  • Establish and enforce cloud security policies based on a zero-trust approach.
  • Prevent data breaches by securing your endpoints
  • Make sure your attack surface is monitored for external assets that are open to the public.

Managed DDoS Attack Protection for Applications – Download Free Guide


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles