Microsoft data leak, customer data affected (Oct. 2022)

There has been a major data leak at Microsoft, where customer data was probably publicly accessible. A security company found a misconfigured server with the data on the Internet and informed Microsoft in September. This is likely to affect some of Microsoft's customers, whose email addresses may have been leaked along with other data.


Security researcher Kevin Beaumont pointed out this data protection incident at industry leader Microsoft in a series of tweets on Twitter.

Microsoft Data Breach

In its BlueBleed project, the security provider SOCRadar looks for open servers on the Internet and finds them again and again. In September 2022, it also discovered misconfigured Microsoft servers that were accessible via the Internet. The security researchers published the article "Sensitive Data of 65,000+ Entities in 111 Countries Leaked due to a Single Misconfigured Data Bucket", but without naming the company. It states:

SOCRadar has determined that sensitive data of 65,000 entities became public due to a misconfigured server. The leak includes proof-of-execution (PoE) and statement-of-work (SoW) documents, user information, product orders/quotes, project details, PII (Personally Identifiable Information) data and documents that could indicate intellectual property.

After SOCRadar alerted the company to the issue, the open server was immediately secured. Microsoft has published the article "Investigation Regarding Misconfigured Microsoft Storage Location" about this incident. It confirms that SOCRadar security researchers notified Microsoft of a misconfigured Microsoft endpoint on Sept. 24, 2022.

According to Microsoft, this misconfiguration resulted in unauthenticated access to some business transaction data. These are transactions related to interactions between Microsoft and potential customers, such as in the planning or potential implementation and deployment of Microsoft services.


The business transaction data included names, email addresses, email content, company names and phone numbers, and possibly attached files related to business between a customer and Microsoft or a Microsoft authorized partner. The issue was caused by an unintentional misconfiguration on an endpoint not used across the Microsoft ecosystem and was not the result of a security vulnerability.  

After Microsoft was notified of the misconfiguration, the endpoint was quickly secured and is now only accessible with the required authentication. Microsoft states that the investigation found no evidence that customer accounts or systems were compromised. Microsoft has notified affected customers directly about the incident. However, you can enter your own domain on the BlueBleed page and find out if you have been affected by a data breach.
