Tens of thousands of companies and their employees around the world suffered as a result of a data leak from one of Microsoft's servers. Due to improper server configurations, anyone could access the 2.4 terabytes of user information stored on the server over the Internet.
According to Bleepingcomputer, the information on the server included names, addresses and email content, company names and phone numbers, as well as files related to business between customers and Microsoft or an authorized company partner.
According to SOCRadar, which has the BlueBleed data leak search portal, the Microsoft server leak allegedly affected data from 65,000 organizations and users in 111 countries. The files stored on the server were dated from 2017 to August 2022.
SOCRadar claims that 2.4 TB of data containing sensitive information was discovered on the Microsoft server: more than 335,000 emails, 133,000 projects and unprotected data from 548,000 users.
The discovered files include customer emails, SOW documents, product proposals, POC (Proof of Concept), partner ecosystem details, invoices, project details, customer product price lists, POE documents, product orders, signed documents, sales strategies and customer asset documents.
SOCRadar experts warn that attackers who gain access to such information can use it for extortion, blackmail, creating some social engineering tactics, or simply selling the information to the highest bidder on the darknet and Telegram channels.
Microsoft itself says that the company's investigation found no indication that customer accounts or systems on the vulnerable server were indeed compromised.
Moreover, the company claims that SOCRadar grossly exaggerated the scope of the problem when referring to 65,000 affected companies. According to the company, data analysis shows duplicate information with multiple links to the same emails, projects and users. However, Microsoft did not give its figure.
The company added that the leak was not related to any security vulnerability - it was caused solely by a server misconfiguration.