BlueBleed: Microsoft confirmed data leak exposing customers’ info

Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online.

Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server.

The data leak was discovered by the security threat intelligence firm SOCRadar which notified the IT giant on September 24, 2022.

“On September 24, 2022, SOCRadar’s built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider,” reported SOCRadar.

Microsoft secured the server on the same day.

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.” reads a post published by Microsoft.

“Upon being notified of the misconfiguration, the endpoint was quickly secured and is now only accessible with required authentication. Our investigation found no indication customer accounts or systems were compromised. We have directly notified the affected customers.”

The root cause of the data leak is an accidental misconfiguration on an endpoint that is not in use across the Microsoft ecosystem. The company pointed out that the leak was not caused by a security vulnerability.  

Exposed data includes names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner.

“SOCRadar has detected that sensitive data of 65,000 entities became public because of a misconfigured server. The leak includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property.” continues SOCRadar.

According to SOCRadar, the data was stored on a misconfigured Azure Blob Storage and impacted more than 65,000 entities from 111 countries. The exposed data are dated from 2017 to August 2022.

The researchers dubbed the leak “BlueBleed” referring to the sensitive information leaked by six misconfigured buckets collectively.

SOCRadata set up a website named BlueBleed that allows organizations to determine if their data were exposed.

“According to our analysis, the leak, dubbed BlueBleed Part I, consists of critical data belonging to more than 65,000 companies from 111 countries. SOCRadar researchers have discovered more than 335,000 emails, 133,000 projects, and 548,000 exposed users within the leaks so far.” added SOCRadata.

On the other side, Redmond attempted to downplay the data leak, it states that SOCRadar “greatly exaggerated” the scope of this issue and believes that the volume of exposed data is lower.

Microsoft condemned the decision of SOCRadar to set up the search portal due to its impact on customer privacy or security.

At this time it is not clear is threat actors had accessed the exposed server.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Log4Shell)

[adrotate banner=”5″]

[adrotate banner=”13″]