Recently, Microsoft has confirmed that due to a misconfiguration of Microsoft server multiple sensitive information about some of Microsoft’s customers was exposed over the internet.
A total of over 65,000 leaked entities were detected by SOCRadar in this leak, which has now become public.
Security researchers from SOCRadar, a company that specializes in threat intelligence, alerted Microsoft on September 24, 2022, that there had been a leak on the server. However, after getting notified, Microsoft immediately secured the leaked server.
A list of the exposed information is provided by Microsoft and includes the following information:-
On the endpoint where the leak was discovered, a misconfiguration was unintentionally made, which led to the leak. The leak has not occurred as a result of a security vulnerability, so it cannot be blamed on that.
The cybersecurity analysts have identified information for more than 150,000 companies from 123 countries in six large public buckets.
In order to better track the intelligence around these leaks, SOCRadar researchers have named these leaks “BlueBleed”. There was no further detail provided by Microsoft about this data leak, as they abstained from sharing any additional information.
With the help of exposed information, threat actors could perform the following illicit activities to take advantage of that information:-
While this was revealed by SOCRadar’s report, which showed the data was found to be stored on a misconfigured Azure Blob Storage area.
It has been determined that there are more than 65,000 entities associated with the cluster of leaked sensitive data from 111 different countries. There were files that contained all these leaked data, and all of them were dated from 2017 to August 2022.
A SOCRadar investigation has resulted in the discovery of 2.4 TB of publicly available information containing sensitive Microsoft information as a result of:-
Furthermore, there has been a great deal of data discovered from leaks so far, including:-
The misconfigured buckets have exposed a variety of files, such as the following:-
Here below, we have mentioned all the recommendations:-
Managed DDoS Attack Protection for Applications – Download Free Guide
Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost…
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…