Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen OC_Formula for the clue delivery! October 21, according to foreign media reports, SOCRadar, a network security provider, recently informed Microsoft of a major data leak, claiming that sensitive data from more than 2.4TB customers had been leaked and 65000 companies were affected. Microsoft has admitted this, but argued that SOCRadar "exaggerated the scope and severity of the leak".

SOCRadar said that on September 24, 2022, its built-in cloud security module detected an Azure Blob storage configuration error maintained by Microsoft, which contained sensitive data from a well-known cloud provider. The analysis shows that the leaked data include PoE and SOW documents, user information, product orders / quotes, project details, personally identifiable information (PII) data, and documents that may disclose intellectual property rights.

SOCRadar disclosed that the problems led to the disclosure of large amounts of data for 65000 affected companies, including names, email addresses, email content, company names and phone numbers, as well as business documents with affected customers and Microsoft or Microsoft authorized partners. Some of these documents date between 2017 and August 2022, with a time span of five years. These companies are headquartered in 111 countries and regions.

SOCRadar uses the dedicated data leak search portal BlueBleed, which allows companies to confirm whether their sensitive information is exposed to leaked data. SOCRadar claims that 2.4TB data containing sensitive information was found on Microsoft servers alone, and that more than 335000 emails, 133000 projects and 548000 user names were found when analyzing the leaked files.

"criminals may use this information in different ways to blackmail, create social engineering strategies with exposed information, or simply sell information to the highest bidder on dark networks and Telegraph channels," SOCRadar warned.

Microsoft responded on Thursday, saying SOCRadar "exaggerated the scope and severity of the leak." Because much of the exposed data includes "repetitive information, multiple references to the same email, project, and user". In addition, Microsoft said the problem was caused by an unintentional misconfiguration on a terminal that was not used throughout the Microsoft ecosystem and was not a security breach.

Microsoft's posts lack key details, such as a more detailed description of the leaked data, or how many current or potential customers Microsoft believes have been affected. In addition, the post accused SOCRadar of using numbers that Microsoft considered inaccurate. When an affected customer contacted Microsoft to ask whether its company's data had been leaked, Microsoft replied: "We cannot provide data on the specific impact."

In addition, Microsoft condemned SOCRadar's practice of collecting data and using dedicated search portals to search, saying it was "not in the best interest of ensuring customers' privacy or security and may expose them to unnecessary risks". The company's support team also told customers that it would not report the matter to data regulators.

Critics have also criticized the way Microsoft notifies affected customers directly. The company contacted the affected entities through a message center, an internal messaging system that Microsoft uses to communicate with administrators, and not all administrators have access to this tool, making it possible that some notifications cannot be seen.

Kevin Beaumont, an independent researcher, wrote on Twitter: "Microsoft cannot refuse to tell customers that the data has been stolen and clearly did not notify regulators, and there is clearly a major flaw in this response."

In addition to criticism of Microsoft's disclosure of secrets, the incident also raised questions about Microsoft's data retention policy. In general, data from many years ago are more useful to potential criminals than the companies that hold them. In this case, the best approach is usually to destroy the data on a regular basis.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.