Microsoft confirms customer data leak but disputes scope [theregister.com]:
Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.
In a revelation [microsoft.com] this week, Microsoft's Security Response Center (MSRC) said the cloud provider was notified by threat intelligence firm SOCRadar on September 24 about the misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and customers.
The information related to the planning or potential implementation and provisioning of Microsoft services, according to MSRC. Once notified, Microsoft secured the endpoint, which now can only be accessed with authentication.
"Our investigation found no indication customer accounts or systems were compromised," the unit wrote. "We have directly notified the affected customers."
However, in a report [socradar.io] also released this week, SOCRadar researchers wrote that the misconfigured server exposed sensitive data including proof-of-execution and statement-of-work documents, user information, product offers and orders, project details, and personally identifiable information (PII).
The documents may have also revealed intellectual property, they claim.
SOCRadar said that its Cloud Security Module monitors "public buckets" to detect exposed customer data and that six large public buckets contained information from more than 150,000 companies in 123 countries. The company is collectively referring to the leaks as "BlueBleed".
The report details the leaks found in one of the largest public buckets – referred to as BlueBleed Part 1 – which includes a misconfigured Azure Blob Storage instance that allegedly contained information from more than 65,000 entities in 111 countries.
In all, they discovered 2.4TB of publicly available data that dated from 2017 to August this year with BlueBleed Part 1, including more than 335,000 emails, 133,000 projects, and 548,000 exposed users.
The report says the parties "who may have accessed the bucket may use this information in different forms for extortion, blackmailing, creating social engineering tactics with the help of exposed information, or simply selling the information to the highest bidder on the dark web and Telegram channels."
"Surely this is not the first time a misconfigured server has exposed sensitive information, and it will not be the last," Can Yoleri, vulnerability and threat researcher at SOCRadar and the primary investigator of BlueBleed, said in a statement. "However, with vital leaked data belonging to tens of thousands of entities, BlueBleed is one of the largest B2B leaks in recent years."
Microsoft disputed SOCRadar's description of the extent of the leak, which it said involved business transaction data such as names, email addresses, email content, company names, and phone numbers, and may also include attached files linked to business "between a customer and Microsoft or an authorized Microsoft partner."
"After reviewing [the SOCRadar] blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue," MSRC wrote. "Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error."
Microsoft also criticized SOCRadar for publicly releasing a search tool that it says does not ensure customer privacy or security and could expose organizations to risk. SOCRadar said it provides a free service enterprises can use to search for their company names to determine if they are affected by any of the BlueBleed leaks.
SOCRadar researchers said misconfigured servers are among the top causes of data leaks and, pointing to the SANS 2022 Top New Attacks and Threat Report [sans.org], added that data exfiltration from cloud storage is a common attack avenue.
"Threat actors constantly scan public storage buckets for sensitive data," the researchers wrote. "They have the resources and means to automate the scanning with advanced tools. Companies should proactively monitor such cyber risks with automated security tools."
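The scanning SOCRadar describes comes down to one unauthenticated request per container. As an added illustration (this is not SOCRadar's, Microsoft's or either article's code), the script below builds the documented Azure Blob REST listing URL for a container and classifies the anonymous response: a container whose public access level permits listing answers with an EnumerationResults document, while a private container, a container set to blob-only access, or one that does not exist answers with an Error document. The storage account and container names and the two sample responses are constructed placeholders, and the x-ms-version value is an assumption; nothing here is taken from the BlueBleed bucket.

```python
"""Probe an Azure Blob Storage container for anonymous (public) listing.

Added example, not code from SOCRadar, Microsoft or the articles above.
Assumes the public Blob endpoint shape https://<account>.blob.core.windows.net/
and the documented container-listing query ?restype=container&comp=list.
"""
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

API_VERSION = "2020-10-02"  # assumption: any currently supported service version works here


def listing_url(account: str, container: str) -> str:
    """Anonymous container-listing URL (no SAS token, no Authorization header)."""
    return f"https://{account}.blob.core.windows.net/{container}?restype=container&comp=list"


@dataclass
class Verdict:
    status: str              # 'public-listing', 'denied', 'error' or 'unreachable'
    code: str = ""           # Azure <Code> from an <Error> body, or a short reason
    blobs: list = field(default_factory=list)


def classify(http_status: int, body: bytes) -> Verdict:
    """Interpret the body of the anonymous listing request.

    Azure deliberately returns ResourceNotFound both for a private container and
    for a container that does not exist, so 'denied' does not prove the container
    is absent. A container with blob-level (not container-level) public access
    also refuses listing here but still serves individual blobs whose names are
    known; that case needs a second GET on a specific blob and is out of scope.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return Verdict("error", f"HTTP {http_status}: non-XML body")
    if root.tag == "EnumerationResults":
        names = [b.findtext("Name") for b in root.iter("Blob")]
        return Verdict("public-listing", "", names)
    if root.tag == "Error":
        return Verdict("denied", root.findtext("Code") or "")
    return Verdict("error", f"HTTP {http_status}: unexpected root <{root.tag}>")


def probe(account: str, container: str, timeout: float = 10.0) -> Verdict:
    """Send the anonymous listing request and classify the answer."""
    req = urllib.request.Request(listing_url(account, container),
                                 headers={"x-ms-version": API_VERSION})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as e:          # 4xx/5xx still carry an <Error> body
        return classify(e.code, e.read())
    except urllib.error.URLError as e:           # DNS failure: account name does not exist
        return Verdict("unreachable", str(e.reason))


# Constructed sample responses in the documented shapes (not captured from any real account).
SAMPLE_PUBLIC_LISTING = b"""<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://examplestorage.blob.core.windows.net/" ContainerName="exports">
  <Blobs>
    <Blob><Name>contracts/2021/po-1001.pdf</Name><Properties><Content-Length>88213</Content-Length></Properties></Blob>
    <Blob><Name>sow/acme-sow-signed.pdf</Name><Properties><Content-Length>120044</Content-Length></Properties></Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""

SAMPLE_DENIED = b"""<?xml version="1.0" encoding="utf-8"?>
<Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.</Message></Error>"""


if __name__ == "__main__":
    if len(sys.argv) == 3:                       # usage: python probe.py <account> <container>
        v = probe(sys.argv[1], sys.argv[2])
    else:                                        # offline demonstration on the constructed samples
        for status, body in ((200, SAMPLE_PUBLIC_LISTING), (404, SAMPLE_DENIED)):
            v = classify(status, body)
            print(v.status, v.code, v.blobs[:5])
```

Run it against a storage account you own before and after tightening access. The remediation counterpart is the account-level switch Microsoft itself describes, authentication-only access: in the Azure CLI that is `az storage account update --allow-blob-public-access false` for the account and `az storage container set-permission --public-access off` per container, after which the probe should return `denied` with `PublicAccessNotPermitted` or `ResourceNotFound` rather than a listing.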
In an email to The Register, Erich Kron, security awareness advocate for cybersecurity firm KnowBe4, said that some of the data exposed may seem trivial, but that if SOCRadar's information is correct, "it could include some sensitive information about the infrastructure and network configuration of potential customers. This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations' networks."
Kron also said that incidents like BlueBleed illustrate that with cloud storage, such a misconfiguration can expose information from many more organizations and individuals than a similar issue with on-premises systems.
"This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand," he said. "Policies related to double checking configuration changes, or having them confirmed by another person, are not a bad idea when the outcome could lead to the exposure of sensitive data."
Microsoft leaked 2.4TB of data belonging to sensitive customers. Critics are furious [arstechnica.com]:
Microsoft is facing criticism for the way it disclosed a recent security lapse that exposed what a security company said was 2.4 terabytes of data that included signed invoices and contracts, contact information, and emails of 65,000 current or prospective customers spanning five years.
The data, according to a disclosure [socradar.io] published Wednesday by security firm SOCRadar, spanned the years 2017 to August 2022. The trove included proof-of-execution and statement of work documents, user information, product orders/offers, project details, personally identifiable information, and documents that may reveal intellectual property. SOCRadar said it found the information in a single data bucket that was the result of a misconfigured Azure Blob Storage [microsoft.com].
Microsoft can’t, or Microsoft won’t?
Microsoft posted its own disclosure [microsoft.com] on Wednesday that said the security company “greatly exaggerated the scope of this issue” because some of the exposed data included “duplicate information, with multiple references to the same emails, projects, and users.” Further, using the word “issue” as a euphemism for “leak,” Microsoft also said: “The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.”
Absent from the bare-bones, 440-word post were crucial details, such as a more detailed description of the data that was leaked or how many current or prospective customers Microsoft really believes were affected. Instead, the post chided SOCRadar for using numbers Microsoft disagreed with and for including a search engine [socradar.io] people could use to determine if their data was in the exposed bucket. (The security company has since restricted access to the page.)
When one affected customer contacted Microsoft to ask what specific data belonging to their organization was exposed, the reply [twitter.com] was: “We are unable to provide the specific affected data from this issue.” When the affected customer protested, the Microsoft support engineer once again declined.
there is some more. I contacted MS to get more details pic.twitter.com/Ty24o6VibO [t.co]
— boosted Bobby Tables (@KiPos_info) October 20, 2022 [twitter.com]
Critics also faulted Microsoft for the way it went about directly notifying those who were affected. The company contacted affected entities through Message Center, an internal messaging system that Microsoft uses to communicate with administrators. Not all administrators have the ability to access this tool, making it likely that some notifications have gone unseen. Direct messages displayed on Twitter also showed Microsoft saying that the company wasn’t required by law to disclose the lapse to authorities.
“MS being unable (read: refusing) to tell customers what data was taken and apparently not notifying regulators—a legal requirement—has the hallmarks of a major botched response,” Kevin Beaumont, an independent researcher, wrote on Twitter [twitter.com]. “I hope it isn’t.”
He went on to post screenshots documenting that the exposed data has been publicly available for months [twitter.com] on Grayhat Warfare [grayhatwarfare.com], a database that sweeps up and stores data exposed in public buckets.
The Microsoft bucket has been publicly indexed for months, it's called olyympusv2 hosted on Azure blob storage - it was publicly readable. It's even in search engines. https://t.co/5iBIb2qvue [t.co] pic.twitter.com/5zjC0IC4wh [t.co]
— Kevin Beaumont (@GossiTheDog) October 20, 2022 [twitter.com]
As the Grayhat Warfare images Beaumont posted indicate, the cached data included digitally signed contracts and purchase orders. He said that other exposed data includes “emails from US .gov, talking about O365 projects, money etc.” It also included information pertaining to CNI [twitter.com], short for critical national infrastructure.
there was all kinds of CNI stuff in this MS blob. Also, check out the dates on the right. pic.twitter.com/nCXzgtaJW3 [t.co]
— Kevin Beaumont (@GossiTheDog) October 20, 2022 [twitter.com]
Besides criticism of the way Microsoft has gone about disclosing the leak, the incident also raises questions about Microsoft’s data retention policies. Often, years-old data is of more benefit to potential criminals than it is to the company holding it. In cases like these, the best course is often to periodically destroy the data.
Microsoft didn’t immediately respond to an email seeking comment for this story.
Prospective or actual Microsoft enterprise customers over the past five years should review both blog posts linked above and also check Message Center for any exposure notifications. In the event an organization is affected, personnel should be on the lookout for scams, phishing emails, or other attempts to exploit the exposed information.