IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online due to a database misconfiguration. The researchers have dubbed the incident “BlueBleed.”
Microsoft has already acknowledged the exposure of customer data and email content in the incident. The company also confirmed that the exposure was inadvertent: it had failed to configure a server properly, which exposed sensitive customer data.
Per Microsoft, a misconfigured endpoint leaked the data. Microsoft asserted that the data was mostly related to business transactions between Microsoft and its “prospective customers.”
“The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.” – Microsoft
The incident was reported to Microsoft by threat intelligence firm SOCRadar. The company regards the incident as one of the most “significant B2B leaks.” SOCRadar informed Microsoft about this leak in September 2022.
Further investigation revealed that the leaked files were dated from 2017 to August 2022. SOCRadar said it had identified several misconfigured cloud storage buckets, dubbed BlueBleed. These include six large buckets storing information about 150,000 firms across 123 countries.
The buckets included a misconfigured Azure Blob Storage database, which contained info on over 65,000 entities in 111 countries. Microsoft, however, stated that the number is exaggerated and that the actual figure is fairly low.
“Surely this is not the first time a misconfigured server has exposed sensitive information, and it will not be the last. However, with vital leaked data belonging to tens of thousands of entities, BlueBleed is one of the largest B2B leaks in recent years.” – Can Yoleri, Vulnerability and Threat Researcher, Primary Investigator of BlueBleed
In total, the leak comprises 2.4 TB of collected files. It is alleged that the data includes 335,000 emails, 548,000 users, and 133,000 projects. The exposed data reportedly contains names, email content, email IDs, company names, and phone numbers.
In addition, in a blog post, Microsoft revealed that the exposed data includes attached files relating to business dealings between a customer and Microsoft or an authorized partner. The leak also includes PoE (proof-of-execution) and SoW (statement of work) documents, product orders/offers, project details, user info, and private data.
Microsoft quickly addressed and fixed the issue and notified affected customers about the incident. However, this is not the first time Microsoft has exposed such sensitive data online. In September 2020, a Microsoft Bing server exposed user search queries and location data.
The disturbing part of that incident was the fact that the Microsoft Bing server logged some horrific search terms, including searches for murder and child abuse content.
- A critical bug in Microsoft left 400M accounts exposed
- 250m Microsoft customer support records leaked in plain text
- LAPSUS$ Leak Trove of Data, Claim to Breach Microsoft and Okta
- Microsoft investigating Windows XP, Server 2003 source code leak
- 38 million records exposed in Microsoft Power apps misconfiguration