News

Microsoft reveals 2.4 terabytes of critical data, doubts about how to communicate

Microsoft He was overwhelmed with criticism of The way you reported it shows 2.4TB of important data Including invoices, contracts, project details, and documents that may reveal intellectual property and personal information of 65,000 customers in 111 countries between 2017 and 2022.

The reason for publishing will be because of a Microsoft endpoint is incorrectly configuredSo Not for a security hole As in the case you recently participated in Exchange. This puts the data at risk, making it Possibly available for theft By third parties:This configuration is incorrect“, explains the Redmond Company,”led to potentially unauthorized access to some company transaction data corresponding to interactions between Microsoft and potential customers“.

The endpoint was patched shortly after the call that researchers from security firm SOCRadar sent to Microsoft. It can now be accessed again only through authentication. “Our investigation found no indication that customer accounts or systems had been compromised. We have notified affected customers directlyThe Redmond Company explained.

BlueBleed is the term coined by SOCRadar to mean “Collectively leaked sensitive information from six misconfigured buckets”. Specifically, we describe here data exposure caused by incorrectly configured Azure Blob storage.

Excellent work done by SOCRadar, thus, which, however, is not fully appreciated by Microsoft, which it criticizes as “problem“was it I mentioned in an exaggerated way.

We are disappointed that SOCRadar exaggerated the numbers involved in this issue even after pointing out their error.

Microsoft says that the data disclosed includes “Duplicate information, with multiple mentions of the same emails, projects and users“For this reason, the data exposed will be significantly less than that reported by the IT security company.

still:

We are also disappointed that SOCRadar has chosen to publicly publish a search tool which is not the best way to ensure customers’ privacy or security by exposing them to unnecessary risks.

What did not go down for many is The way Microsoft wanted to communicate the truthWithout going into the technical merits of what happened, it is preferable to file a complaint about the work of the security company SOCRadar. Even a Microsoft customer is requesting information regarding any of its data that has been disclosed.”We cannot provide the specific data affected by this issue“.

Another criticism of Satya Nadella’s concerns Use the message center to communicate To those affected: This is a tool that not all administrators have access to, and therefore some of them may not be informed.

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button