Microsoft leaked customer data via a misconfigured server. This includes business transaction data, such as names, email addresses, email content, company name, phone numbers, and files related to business between customers and Microsoft or an authorized Microsoft partner. Due to the error on the part of the tech company, the customer data was accessible to everyone on the internet without any login details.
Security company SOCRadar discovered the server and warned Microsoft. The tech company speaks of an "unintentional misconfiguration" and states that the data breach did not lead to compromised customer accounts or systems. All affected customers have now been informed, according to Microsoft, that is not pleased with the way in which SOCRadar reports about the data breach and offers a search tool with which organizations and companies can see whether they have been affected.
According to the security firm, the misconfigured server contained 2.4 terabytes of data from 65,000 entities in 111 countries. This involved 335,000 emails, information about 133,000 projects and data from 548,000 users. This concerns, for example, invoices, signed customer documents, sales strategies, price lists, product orders and documents.
SOCRadar claims it is one of the largest B2B data breaches in recent years and has even given it the name "BlueBleed". Microsoft believes that the size of the data breach is grossly exaggerated. For example, the figures that the security company mentions would not be correct. SOCRadar also offers a search tool with which organizations can check whether they are part of the data breach. Microsoft argues that this tool is not in the best interests of customers' privacy and security and exposes them to unnecessary risks. The server in question is now secured.