Global Data Breach May Have Affected 65,000 Companies

Security personnel at SOCRadar alerted Microsoft about a misconfigured endpoint that exposed customer information in September. Microsoft corrected the error, but didn’t disclose the number of customers impacted. SOCRadar researchers estimate that 65,000 entities in 111 countries may have had data compromised, including names, phone numbers, email addresses and content, company name, and attached files containing proprietary company information like proof of concept documents, sales data, product orders, and more. Microsoft insists those figures are exaggerated, and took issue with SOCRadar’s use of the BlueBleed tool to crawl through servers to figure out what information may have been exposed. SOCRadar says it does not keep any data it encounters in that process. In a blog, Microsoft announced that the “misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” and expressed its disappointment with SOCRadar for exaggerating the scope of the issue.