Customer Data Exposed From Microsoft Misconfiguration

It has been reported that Microsoft has confirmed that a misconfigured endpoint unintentionally leaked business and personally identifiable information (PII) for some customers. The tech giant said it was informed about the incident by threat intelligence firm SOCRadar on September 24, and secured the endpoint soon after with authentication.

Subscribe
Notify of
guest

1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
October 24, 2022 9:32 am

Unfortunately, many of the data leaks we see these days are because of misconfigured Azure and Amazon Web Services data buckets, leading to leaks. As long as humans are involved in the configuration of such data buckets, we’ll continue to see leaks. 

Luckily, the affected customer count is relatively low. However, the affected parties will need to keep a wary eye out for phishing attempts and such as bad actors could make use of the leaked information (names, email addresses, email content, company name and phone numbers) to attempt to glean more information from employees and executives of the affected customers.

Also commenting on the story is Paul Bischoff, Consumer Privacy Advocate at Comparitech

Microsoft business customers and partners who were affected by the leak should be on the lookout for targeted phishing emails and text messages. Given that the parties involved are high-level employees, they are lucrative targets for CEO fraud and business email compromise. Although Microsoft hasn’t stated outright that the exposed data was actually stolen, our honeypot studies show misconfigured servers like these can be found and attacked within a matter of hours.

Last edited 1 month ago by Chris Hauk
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x