Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft data breach exposed sensitive data of 65,000 companies

By

Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar.

SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information.

SOCRadar Cloud Security Module discovered a misconfigured Microsoft Server on September 24, 2022.
Image used with permission by copyright holder

Having been made aware of the breach on September 24, 2022, Microsoft released a statement saying it had secured the comprised endpoint, which is “now only accessible with required authentication,” and that an investigation “found no indication customer accounts or systems were compromised.”

Recommended Videos

The company also stated that it has directed contacted customers that were affected by the breach.

Please enable Javascript to view this content

However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. The security firm noted that while Microsoft might have taken swift action on fixing the misconfigured server, its research was able to connect the 65,000 entities uncovered to a file data composed between 2017 and 20222, according to Bleeping Computer.

Microsoft has not been pleased with SOCRadar’s handling of this breach, having stated that encouraging entities to use its search tool “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

The research firm insists that it has not overstepped any privacy protocols in its work and none of the information it uncovered was saved on its end.

“No data was downloaded. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems,” SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer.

“We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. Search can be done via metadata (company name, domain name, and email). Due to persistent pressure from Microsoft, we even have to take down our query page today,” he added.

Microsoft itself has not publicly shared any detailed statistics about the data breach.

Editors’ Recommendations

Topics
Fionna Agomuoh
Fionna Agomuoh
Computing Writer
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Major data breach involved ‘only’ 1.3 million people
A large monitor displaying a security hacking breach warning.

Information from a hacking group and a class action lawsuit document sourced by Bloomberg Law reported that a recent data breach of 2.9 billion personal records leaked sensitive information, such as Social Security numbers. But until now, National Public Data (NPD) had not officially confirmed the breach or the number of affected users.

In a new statement about the breach, NPD explained: "There appears to have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024." Separately, in a notification about the breach on the Maine Attorney General's website, it was revealed a total of 1.3 million people were affected.

Read more
One of the worst data breaches in history just got even worse
A concept image of a hacker at work in a dark room.

New details have surfaced about what is reportedly one of the most critical breaches in internet history. As Tom's Hardware reports, a user who goes by the alias Fenice claims to have posted for free a more complete version of the allegedly stolen data from the background check company National Public Data and published it on a popular hacking forum.

On August 6, Fenice posted the data affecting 2.9 billion personal records and claimed that a distinct hacker named SXUL, not USDoD, caused the breach. While others had posted copies of the data before, none were apparently as complete as the one Fenice provided. Nonetheless, there are apparent problems with the data, including wrong Social Security numbers.

Read more
You may be a victim in one of the worst data breaches in history
A person using a laptop with a set of code seen on the display.

Background check company National Public Data -- also known as Jerico Pictures -- suffered what is reportedly one of the most significant data breaches in history, affecting 2.9 billion personal records that leaked sensitive data such as Social Security numbers and more, as mentioned in a class-action lawsuit document and sourced by Bloomberg Law. What's even worse is that it's not known how the breach happened in the first place -- or who has been included in it.

Before getting into it, it's worth noting that National Public Data has not confirmed the breach yet, so there's a lot of information that's only coming from the lawsuit or the hacking group. That means some of the figures will need to be taken with a grain of salt. Still, it doesn't sound good.

Read more