BlueBleed – Azure Biggest Bucket Leak
Microsoft has confirmed a data spillage linked to a misconfigured server for a cloud storage service. The extent is disputed.
Microsoft's MSRC said it had received information about the misconfigured endpoint, which exposed business transaction data related to interactions between Microsoft and customers.
The information included planning or potential implementation and provisioning of Microsoft services. Microsoft has secured the endpoint, which can now only be accessed with authentication.
Researchers wrote that the misconfigured server exposed sensitive data including proof-of-execution and statement-of-work documents, user information, product offers and orders, project details, and PII.
Collectively referred to as BlueBleed, the leaks involve information from 6 large buckets across 123 countries. With BlueBleed Part 1, the researchers discovered 2.4TB of publicly available data dating from 2017 to August this year, including more than 335,000 emails, 133,000 projects, and 548,000 exposed users.
Microsoft disputed the researchers' description of the extent of the leak, which it said involved business transaction data like names, email addresses, email content, company names, and phone numbers, and may also include attached files linked to business between a customer and Microsoft or an authorized Microsoft partner.
Microsoft also criticized the researchers for publicly releasing a search tool that it says does not ensure customer privacy or security and could expose organizations to risk.
Researchers said that misconfigured servers are among the top causes of data leaks and, pointing to the SANS 2022 Top New Attacks and Threat Report, added that data exfiltration from cloud storage is a common attack avenue.
The ease of moving to the cloud comes with consequences. Policies need to be checked and re-verified regularly, and protection needs to be stringent.
This was published by researchers from SOCRadar.