One of the most significant security holes in the internet! The data breach at Microsoft exposed the private information of 65,000 businesses. This information is currently circulating, and since Microsoft was the target of an attack with a breach, the data of 65,000 firms from 111 countries were compromised as a result. The research company SOCRadar was the source of this information’s disclosure.
After this, SOCRadar informed the company on September 24 of its findings, which included the revelation that the organization’s Azure Blob Storage had been breached, resulting in the exposure of 2.4 terabytes of data. This data includes names, phone numbers, and email addresses, as well as the names of companies, attached private information, and documents, among other things.
Additionally, Microsoft issued a statement claiming that it has secured the vulnerable section of the network.
“Access to this endpoint is currently restricted to only those who have successfully passed the required authentication, and our investigation revealed no evidence that any customer accounts or systems were compromised.”
Microsoft data breach leaked data of companies
Even though Microsoft appeared to be in good shape, SOCRadar made the BlueBlees Searchy Portal available to Microsoft customers so that they could determine for themselves whether or not they were affected. There is no doubt that Microsoft moved quickly to update the problematic server, but despite their efforts, 65,000 entities were already found to be vulnerable between the years 2017 and 2022.
On the other hand, Microsoft is not pleased with how SOCRadar has handled this issue. Additionally, it stated that:
“encouraging companies to utilise its search tool is not in the best interest of maintaining customer privacy or security and could potentially expose them to undue danger.” [Citation needed] “encouraging entities to use its search tool.”
The study team has stated, in response to this question, that they have not violated any privacy protocols, and that not a single piece of information has been exposed due to their actions.
In this particular situation, SOCRadar Vice President of Research and Chief Information Security Officer Ensar Eker stated:
“There was no download of any data. Some of the data were crawled by our engine, but in accordance with what we promised Microsoft, no data has been shared as of yet, and all of this crawled data has been deleted from our systems. We also direct all of our customers to the MSRC (Microsoft 365 Admin Center Alert) if they wish to view the original data. Search can be done using metadata (company name, domain name, and email). Because Microsoft continues to exert a great deal of pressure on us, we have no choice but to remove our query page now.”
Since Microsoft itself has not provided any information on this matter up until this point, all credit goes to SOCRadar for bringing it to our attention.
