Microsoft has disclosed that the sensitive data of some of its customers was exposed by a misconfigured Microsoft server.  The industry has dubbed this data leak BlueBleed.

Quick highlights:

  • On 24 September 2022 an independent security firm (SOCRadar) discovered a misconfigured Microsoft Azure blob storage. They notified Microsoft who secured the server on the same day.
  • The misconfiguration resulted in the potential for unauthenticated access to some business transaction data.
  • Microsoft has advised the data corresponded to interactions between “Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services”
  • More specifically the exposed data includes names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft Partner.
  • The data exposed was from 2017 to August 2022 and impacted more than 65,000 entities from 111 countries.
  • At this stage it is not clear if bad actors accessed the exposed server.
  • After discovering the misconfiguration, SOCRadar, set up a search tool which allowed organisations to determine if their data had been exposed.

While the industry believes that SOCRadars search tool accurately indicates whether your organisations data has been exposed, Microsoft has condemned the creation of the tool. They believe that SOCRadar has “greatly exaggerated” the scope of the leak and has questioned the impact of the tool on customer privacy and security.

What does it mean for you?

Considering the nature of the event and the type of data exposed we believe that for the very large majority of NZ organisations, the risk of their data being exposed is LOW. It is a timely reminder however that even the big boys can make mistakes.