Previous
2.4 TB Data Leak Caused By Microsoft’s Misconfiguration
Learn how PurpleSec’s experts can protect your business against the latest cyber attacks.
Author: Eva Georgieva / Last Updated: 10/26/2022
Reviewed By: Dalibor Gašić, & Michael Swanagan, CISSP, CISA, CISM
View Our: Editorial Process
Table Of Contents
Summary Of The Attack
- On September 24, 2022 SOCRadar detected a misconfigured public bucket where Microsoft stored 2.4 TB of data.
- Impacted were 65,000 entities from 111 countries.
- The exposed data is dated from 2017 to August 2022.
- Microsoft stated that SOCRadar exaggerated the scope of the data leaked.
What Happened?
Misconfiguration of an endpoint caused a leakage of 2.4 TB of data of Microsoft’s customers.
The issue stemmed from a misconfigured Azure Blob Storage and was spotted on September 24, 2022, by the security company SOC Radar.
Who Was Impacted?
According to the SOCRadar statement, the data leaked was stored on a misconfigured Azure Blob Storage and the impact spanned 65,000 entities from 111 countries.
Customer data was the entity that suffered in this Microsoft data leak, which included:
- Names
- Email addresses
- Email content
- Company name
- Phone numbers
- Proof of concept documents
- Sales data
In addition, attached files relating to business between a customer and Microsoft or an authorized Microsoft partner were also exposed.
Per their statement, the exposed data is dated from 2017 to August 2022.
Researchers stated that the bucket was publicly indexed for months and it actively appeared in search engines.
The researchers named the leak “BlueBleed” referring to the exposed sensitive data from six misconfigured buckets.
SOCRadar even set up a website called BlueBleed where users can check if their data has been exposed.
What Is BlueBleed?
From the official SOCRadar website it is clearly stated that the term “BlueBleed” was created by Can Yoleri, who is a Threat and Vulnerability Researcher at SOCRadar.
The term refers to the sensitive information leaked by six misconfigured buckets collectively.
In their blog post, it is clearly elaborated how they discovered BlueBleed Part I as it is referred to.
The issue they stated was clearly a misconfigured public bucket where they stored 2.4 TB of data inside one single bucket.
By their estimation, it can be considered maybe one of the most significant B2B leaks, considering the scope of it.
How Can The Information Be Used?
Third parties or threat actors that might have had access to the bucket can use this information in different ways.
The first and most obvious one is scraping the email addresses for targeting the companies affected by the breach utilizing social engineering techniques, however blackmailing and selling the information on the dark web or Telegram channels are also viable options.
Besides that, SOC Radar also stated that the information exposed included information about network configuration and infrastructure posture of potential customers.
This opens another vector of attack, where researchers or threat actors might start looking for vulnerabilities in those systems and network configurations based on the information from the exposed data.
Microsoft’s Response
Microsoft in their statement elaborated that they do appreciate that SOCRadar informed them about the issue, however, following SOCRadar’s blog post Microsoft stated that the security company has greatly exaggerated the scope.
Based on Microsoft Security Response Center’s in-depth analysis and investigation they were able to conclude that a lot of the data that was exposed was duplicate information with multiple references to the same projects, email addresses and users.
They also expressed their disappointment in SOCRadar releasing a search tool where users can check if their data is exposed, since that does not follow best security practices and may even pose an additional security risk.
Actions Taken
In the official statement released towards the customers, Microsoft stated that they did notify every impacted customer directly and provided them with instructions on how they can further proceed to handle the incident.
Related Articles
Eva Georgieva
Eva is a security engineer, researcher, and penetration tester with over 5 years of experience working on both red teams and blue teams.
Recent Attacks
- Top 10 Cyber Attacks In 2022
- Top 10 Vulnerabilities In 2022
- Rackspace Ransomware Attack
- Dropbox Suffers Data Breach
- Iranian APT Uses Log4j
- Google SEO Poisoning Campaign
- Killnet DDoS Target Airports
- Advocate Aurora Health Data Leak
- Microsoft 2.4 TB Data Leak
- Optus Exposes 2.1M Customers
- $570M Binance Coin Hack
- TikTok Denies Cyber Attack
- NATO Data Leak
- Uber’s Systems Compromised
- Cisco Cyber Attack
- Samsung Exposes PII
Popular Articles
Ransomware Attacks
Preventing Attacks
HEALTHCARE
GOVERNMENT
CRYPTO