Microsoft server crashed, information of 65,000 customers was exposed

Recently, Microsoft announced that one of their servers was misconfigured, leading to possible compromise. This somewhat silly mistake also caused some sensitive customer information to be exposed.

Immediately after receiving the notification of the leak on September 24, 2022 by security researchers at SOCRadar company, Microsoft implemented protection solutions for the aforementioned server.

“Misconfiguration has resulted in anyone having access (without authentication) to business transaction data that corresponds to interactions between Microsoft and potential customers, such as planning or potential implementation and delivery of Microsoft services,” Microsoft said.

“Our investigation found no indication that customer accounts or systems were compromised. We have notified affected customers directly.”

According to Microsoft, the information that has been exposed includes names, email addresses, email content, company names and phone numbers, as well as files related to business activities between customers and Microsoft.

The shareware giant added that this leak stemmed from an “inadvertent misconfiguration on an unused endpoint in the Microsoft ecosystem” and not a security flaw.

The leaked data is said to involve 65,000 customers worldwide. According to SOCRadar, data stored in files from 2017 to August 2022 contained sensitive information about customers from 111 countries around the globe.

(Refer to QTM)