by Cybersecurity provider SOCRadar said on Wednesday (19th) that its cloud security module detected a single server storage misconfiguration of Microsoft’s Azure Blob, which resulted in the leakage of data from more than 65,000 companies in 111 countries, including Including sensitive data from a well-known cloud provider, it became one of the worst B2B breaches in history.
The server of Azure Blob contains multiple SQL Server databases and various files, with a total data volume of about 2.4TB from 2017 to August 2022, and the files leaked in the incident include Proof of Execution (PoE), Statements of Work (SoW), product orders and quotations, client documents, project details, personal data, and documents containing intellectual property rights; exposed data related to over 335,000 emails, 133,000 projects, and data on 548,000 users.
Microsoft explained that the accident stemmed from misconfiguration of endpoints in its ecosystem, allowing unauthorized users to access business transaction data such as names, email content, phone numbers, attachments, etc. of Microsoft potential customers. Microsoft emphasized that the incident was caused by a misconfiguration of the terminal, not a security vulnerability, and changed the configuration under the notification of SOCRadar, and notified all affected users one by one, promising to improve internal programs to prevent the same type of incident from happening again.
However, Microsoft believes that SOCRadar exaggerated the scale of the data breach, because the data collected by SOCRadar included repeated emails, items and user data. Microsoft also denounced SOCRadar, which makes public a free search tool, not in the best interests of ensuring customer privacy or security, even though users can check whether they are affected by a data breach, but the lack of identity verification will expose users to inconveniences. necessary risk.
source:Ars Technica
—
unwire.hk Mewe Page : https://mewe.com/p/unwirehk
