Microsoft data breach 2022

A security lapse left an Azure endpoint available for unauthenticated access in the incident, termed "BlueBleed." The exposed data includes, for example, emails from US .gov, talking about O365 projects, money etc - I found this not via SOCRadar, it's cached. Common types of sensitive data include credit card numbers, personally identifiable information (PII) like a home address and date of birth, Social Security Numbers (SSNs), corporate intellectual property (IP) like product schematics, protected health information (PHI), and medical record information that could be used to identify an individual. April 19, 2022. They also can diminish the trust of those who become the victims of identity theft, credit card fraud, or other malicious activities as a result of those breaches. However, it required active steps on the part of the user and wasn't applied by Microsoft automatically. The hacker was charging the equivalent of less than $1 for the full trove of information. With that in place, many users were unaware that their previous, separate Skype password remained stored, allowing it to be used to log in to Skype specifically from other devices. For the 2022 report, Allianz gathered insights from 2,650 risk management experts from 89 countries and territories. It should be noted that Tor can be used to access illegal content on the dark web, and Digital Trends does not condone or encourage this behavior. The research firm insists that it has not overstepped any privacy protocols in its work and none of the information it uncovered was saved on its end. A post in M365 Admin Center, ignoring regulators and telling acct managers to blow off customers ain't going to cut it. The data classification process involves determining data's sensitivity and business impact so you can knowledgeably assess the risks. 
The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords. This blog describes how the rule is an opportunity for the IT security team to provide value to the company. Per SOCRadar's analysis, these files contain customer emails, SOW documents, product offers, POC (Proof of Concept) works, partner ecosystem details, invoices, project details, customer product price list, POE documents, product orders, signed customer documents, internal comments for customers, sales strategies, and customer asset documents. According to Microsoft, the exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner. Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak (Oct 21, 2022, Ravie Lakshmanan). Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. August 25, 2021 11:53 am EDT. "No data was downloaded. Not really. "This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand," Kron added. On October 19th, security firm SOCRadar identified over 2.4 terabytes of exposed data on a misconfigured Microsoft endpoint. Update October 20, 08:15 EDT: Added SOCRadar statement and info on a notification pushed by Microsoft through the M365 admin center on October 4th. After digging deeper, the specialist noticed more unexpected activities, including requests relating to specific emails and for confidential files. 
This trend will likely continue in 2022 as attackers continue to seek out vulnerabilities in our most critical systems. Was yours one of the billions of records stolen through breaches in recent years? Microsoft followed suit and named a Chinese state-sponsored hacker group, Hafnium, as the culprit behind the attack. Microsoft exposed some of its customers' names, email addresses, and email content, among other sensitive data. The hacker gained access to the personal data through an employee's email that contained sensitive information including patient names, medical information, and test results. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems," SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer. The tech giant has thanked SOCRadar, but it's not happy with the company's blog post, claiming that it greatly exaggerates the scope of the issue and the numbers involved. Microsoft data breach exposes customers' contact info, emails. They also said they had secured the endpoint and notified the accounts that had been compromised, and elaborated that they found no evidence customer accounts had actually been compromised, only exposed. 
The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. Humans are the weakest link. For example, through the flaw, which was related to Internet Explorer 6 specifically, attackers gained the ability to download malware onto a Google employee's computer, giving them access to proprietary information. November 16, 2022. Microsoft Breach 2022! Microsoft uses the following classifications: Identifying data at scale is a major challenge, as is enforcing a process so employees manually mark documents as sensitive. Data leakage protection is a fast-emerging need in the industry. In a revelation this week, Microsoft's Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 . In March 2013, nearly 3,000 Xbox Live users had their credentials exposed after participating in a poll and entering a prize draw. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services." The snapshot was of Azure DevOps, which is a collaboration software launched by Microsoft - it shared that Cortana, Bing, and other projects were compromised in the breach. Several members of the group were later indicted, and one member, David Pokora, became the first foreign hacker to ever receive a sentence on U.S. soil. Considering the potentially costly consequences, how do you protect sensitive data? The company's support team also reportedly told customers who reached out that it would not notify data regulators because "no other notifications are required under GDPR" besides those sent to impacted customers. "Our team was already investigating the. 
A cybercriminal gang, Lapsus$, managed to breach some of the largest tech companies in the world - including Samsung, Ubisoft, and most recently, Microsoft Bing. At the time, the cache was one of the largest ever uncovered, and only came to light when a Russian hacker discussed the collected data on an online forum. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," the company revealed. Microsoft has confirmed that the hacker group Lapsus$ breached its security system, after the digital extortion gang claimed credit earlier this week. In this climate of data gathering and privacy concerns, the Tor browser has become the subject of discussion and notoriety. Having been made aware of the breach on September 24, 2022, Microsoft released a statement saying it had secured the compromised endpoint, which is now only accessible with required authentication, and that an investigation found no indication customer accounts or systems were compromised. Besides what was found inside Microsoft's misconfigured server, BlueBleed also allows searching for data collected from five other public storage buckets. The most recent Microsoft breach occurred in October 2022, when data on over 548,000 users was found on a misconfigured server. Additionally, several state governments and an array of private companies were also harmed. If hackers gained access to that Skype password, they could effectively bypass the two-factor authentication, giving them access. Microsoft confirmed that a misconfigured system may have exposed customer data. 
The tech giant announced in June 2021 that it found malware designed to steal information on a customer support agent's computer, potentially allowing the hackers to access basic account information on a limited number of customers. Microsoft is disappointed that this tool has been publicly released, saying that it's not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk. After SOCRadar flagged a Microsoft data breach at the end of October, the company confirmed that a server misconfiguration had caused 65,000+ companies' data to be leaked. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error. On February 21, Activision acknowledged that they suffered a data breach in December 2022, after a hacker tricked an employee via an SMS phishing attack. Sometimes, organizations collect personal data to provide better services or other business value. For instance, you may collect personal data from customers who want to learn more about your services. 
Microsoft also fired back at SOCRadar for exaggerating the scope of the issue, so it's unclear whether that company's report of 65,000 affected entities holds true. "We are highly disappointed about MSRC's comments and accusations after all the cooperation and support provided by us that absolutely prevented the global cyber disaster." The data protection authorities have issued a total of $1.25 billion in fines over breaches of the GDPR since January 28, 2021. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC. On March 22, Microsoft issued a statement confirming that the attacks had occurred. 
Microsoft has criticised security firm SOCRadar for "exaggerating" the extent of the data leak and for making a search tool that allows organisations to see if their data was exposed. The exposed information allegedly included over 335,000 emails, 133,000 projects, and 548,000 users. While it's known that the records were publicly accessible, it isn't clear whether the data was actually accessed by cybercriminals. Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place. (RTTNews) - Personal data of 38 million users were accidentally leaked due to a fault in Microsoft's (MSFT) Power Apps. In 2021, the effects of ransomware and data breaches were felt by all of us. Additionally, we found that no customer accounts and systems were compromised due to unrestricted access. On March 20, 2022, the infamous hacker group Lapsus$ announced that they had successfully breached Microsoft. A major data breach is a reminder that cybercriminals who access exposed data, which sometimes can include PII, can use it for a variety of crimes, including identity theft. The credentials allowed the hackers to view a limited dataset, including email addresses, subject lines, and folder names. For data classification, we advise enforcing a plan through technology rather than relying on users. The company has also been making a bigger push and investment in cybersecurity with its new Microsoft Security Experts program and integrating security intelligence into its Windows Defender tool. In November 2016, word of pervasive spam messages coming from Microsoft Skype accounts broke. "Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users," Microsoft pointed out. 
Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding. February 21, 2023. Due to the security incident, the Costa Rican government established a new Cyber Security Council to better protect citizens' data in the future. With information from the database, attackers could create tools to break into systems by exploring the vulnerabilities, potentially allowing them to target hundreds of millions of computers. Microsoft Digital Defense Report 2022: Illuminating the threat landscape and empowering a digital defense. In relatively short order, it was determined that four zero-day vulnerabilities were allowing unauthorized parties to access data, deploy malware, hijack servers, and access backdoors to reach other systems. "More importantly, we are disappointed that SOCRadar has chosen to release publicly a 'search tool' that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk," Microsoft added in its response. When considering plan protections, ask: Who can access the data? Though the number of breaches reported in the first half of 2022 . This misconfiguration resulted in the possibility of "unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers". The database wasn't properly password-protected for approximately one month (December 5, 2019, through December 31, 2019), making the details accessible to anyone with a web browser who managed to connect to the database. From the article: The Allianz Risk Barometer is an annual report that identifies the top risks for companies over the next 12 months. After several rounds of layoffs, Twitter's staff is down from . 
Every level of an organization, from IT operations and red and blue teams to the board of directors, could be affected by a data breach. The company believes such tools should include a verification system to ensure that a user can only look for data pertaining to them, and not to other users. 3:18 PM PST February 27, 2023. The company said the leak included proof-of-execution (PoE) and statement of work (SoW) documents, user information, product orders and offers, project details, and personal information. What Was the Breach? "We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error." These buckets, which the firm has dubbed BlueBleed, included a misconfigured Azure Blob Storage instance allegedly containing information on more than 65,000 entities in 111 countries. If the proper updates weren't applied, the issues remained in place, allowing attackers to take advantage of the flaw long-term. One thing is clear, the threat isn't going away. The extent of the breach wasn't fully disclosed to the public, though former Microsoft employees did state that the database contained descriptions of existing vulnerabilities in Microsoft software, including Windows operating systems. 
Even though Microsoft's investigation revealed that no customer accounts or systems were compromised, the SOCRadar security researchers who notified Microsoft of its misconfigured server were able to link information directly back to 65,000 entities across 111 countries in file data composed between 2017 and 2022, according to a report on Bleeping Computer. Microsoft also disputed some key details of SOCRadar's findings: "After reviewing their blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue." Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. SOCRadar VP of Research Ensar Şeker told the publication that no data was shared with anyone through the use of BlueBleed, and all the data that it had collected has since been deleted. In a lengthy blog post, Microsoft's security team described Lapsus$ as a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements. They go on to describe the group's tactics in great detail, indicating that Microsoft had been studying Lapsus$ carefully before the incident occurred. Welcome to Cyber Security Today. Hey Sergiu, do you have a CVE for this so I can read further on the exposure? "On September 24, 2022, SOCRadar's built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider," SOCRadar said. Numerous government agencies including the Department of Defense, Department of Homeland Security, Department of Justice, and Federal Aviation Administration, among others were impacted by the attack. At the end of the day, the problem doesn't seem to be in the platform itself, but in the way people use it. 
Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. Even though this was caused not by a vulnerability but by an improperly configured instance, it still shows the cloud's vulnerability. The data discovery process can surprise organizations, sometimes in unpleasant ways. You can think of it like a B2B version of haveIbeenpwned. Duncan Riley. Bako Diagnostics' services cover more than 250 million individuals. In 2022, it took an average of 277 days (about 9 months) to identify and contain a breach. It all began in August 2022, when LastPass revealed that a threat actor had stolen the app's source code. Microsoft has confirmed that it inadvertently exposed information related to prospective customers, but claims that the company which reported the incident has exaggerated the numbers. In one of the broadest security incidents involving Microsoft, four zero-day vulnerabilities led to widespread hacking attempts targeting Microsoft Exchange Servers. It's Friday, October 21st, 2022. Microsoft data breach exposed sensitive data of 65,000 companies (by Fionna Agomuoh, October 20, 2022). Microsoft servers have been subject to a breach that might have affected over. Azure and Breach Notification under the GDPR further details how Microsoft investigates, manages, and responds to security incidents within Azure. In others, it was data relating to COVID-19 testing, tracing, and vaccinations. The messages were being sent through compromised accounts, including users that signed up for Microsoft's two-factor authentication. 
In June 2012, word of a man-in-the-middle attack that allowed hackers to distribute malware by disguising the malicious code as a genuine Microsoft update emerged. The screenshot was taken within Azure DevOps, a collaboration software created by Microsoft, and indicated that Bing, Cortana, and other projects had been compromised in the breach. Microsoft did not say how many potential customers were exposed by the misconfiguration, but in a separate post, SOCRadar, which describes the exposure as BlueBleed, puts the figure at more than 65,000. "On this query page, companies can see whether their data is published anonymously in any open buckets. Organizations can face big financial or legal consequences from violating laws or requirements. The company learned about the misconfiguration on September 24 and secured the endpoint. Though Microsoft would not reveal how many people were impacted, SOCRadar researchers claimed that 65,000 entities across 111 countries may have had their data compromised, which includes names, phone numbers, email addresses and content, company name, and attached files containing proprietary company information like proof of concept documents, sales data, product orders, and more. Microsoft acknowledged the data leak in a blog post. October 20, 2022. The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online, thanks to a database misconfiguration. The researchers have dubbed the incident "BlueBleed." Microsoft also took issue with SOCRadar's use of the BlueBleed tool to crawl through servers to figure out what information, if any, may have been exposed as a result of security flaws or breaches. Among the targeted SolarWinds customers was Microsoft. 
A configuration issue allowed customers to download Offline Address Books which contained business contact information for employees of other users inadvertently. Dubbed BlueBleed Part 1, the Microsoft data leak exposed at least 2.4 terabytes of sensitive data belonging to 65,000 entities in 111 countries. Search can be done via metadata (company name, domain name, and email). Attackers gained access to the SolarWinds system, giving them the ability to use software build features. 2021. April 2022: Kaiser Permanente. on August 12, 2022, 11:53 AM PDT. The company revealed that information that may have been exposed as a result of the breach includes names, email addresses, email content, company name, phone numbers, and other attached files, but Microsoft stopped short of revealing how many entities were impacted. However, an external security research firm who reported the issue to Microsoft, confirmed that they had accessed the data as a part of their research and investigation into the issue." The issue arose due to misconfigured Microsoft Power Apps portals settings. Never seen this site before. SOCRadar described it as one of the most significant B2B leaks. Upon being notified of the misconfiguration, the endpoint was secured. SOCRadar expressed "disappointment" over accusations fired by Microsoft. 
A sophisticated attack on Microsoft Corp.'s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before . Also, organizations can have thousands of sensitive documents, making manual identification and classification of data untenable because the process would be too slow and inaccurate. Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. Microsoft released guidance on how to fully merge the Microsoft and Skype account data, giving users a solution. LastPass, one of the world's most popular password managers, suffered a major data breach in 2022 that compromised users' personal data and put their online passwords and other . $1.12M: average savings of containing a data breach in 200 days or less. Key cost factors: ransomware attacks grew and destructive attacks got costlier. SolarWinds is a major software company based in Tulsa, Okla., which provides system management tools for network and infrastructure monitoring, and other technical services to hundreds of thousands of organizations around the world. The company secured the server after being notified of the leak on September 24, 2022 by security researchers at threat intelligence firm SOCRadar. As a result, the impact on individual companies varied greatly. That allowed them to install a keylogger onto the computer of a senior engineer at the company. Since sensitive data is everywhere, we recommend looking for a multicloud, multi-platform solution that enables you to leverage automation. Then, Flame returned a malicious executable file featuring a rogue certificate, causing the uninfected machine to download malware. 
Microsoft is investigating claims that an extortion-focused hacking group that previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal .