Microsoft data breach exposed sensitive data of 65,000 companies

Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar.

SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information.

Having been made aware of the breach on September 24, 2022, Microsoft released a statement saying it had secured the comprised endpoint, which is “now only accessible with required authentication,” and that an investigation “found no indication customer accounts or systems were compromised.”

The company also stated that it has directed contacted customers that were affected by the breach.

However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. The security firm noted that while Microsoft might have taken swift action on fixing the misconfigured server, its research was able to connect the 65,000 entities uncovered to a file data composed between 2017 and 20222, according to Bleeping Computer.

Microsoft has not been pleased with SOCRadar’s handling of this breach, having stated that encouraging entities to use its search tool “is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

The research firm insists that it has not overstepped any privacy protocols in its work and none of the information it uncovered was saved on its end.

“No data was downloaded. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems,” SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer.

“We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. Search can be done via metadata (company name, domain name, and email). Due to persistent pressure from Microsoft, we even have to take down our query page today,” he added.

Microsoft itself has not publicly shared any detailed statistics about the data breach.

Latest posts

Ditch the bulky watch at night, as Garmin launches its dedicated sleep band

Garmin launched its new smart band, the Index Sleep Monitor.

Amazon Prime Day 2025: dates CONFIRMED, plus early deals and what to expect

Amazon's biggest sale of the year has been announced, and I'm gathering all of the info you need to prepare,

Samsung’s long-awaited XR headset may finally have a launch date

Samsung's XR headset will allegedly launch sometime in September, during Samsung's domestic unpacked event.

Google app could level up with this powerful AI feature for Android users

The latest Google app update introduces a new video analysis feature for Gemini, similar to ChatGPT. Users can upload videos

Google’s new Veo 3 could land on YouTube Shorts this summer

YouTube's CEO confirmed Google's Veo 3 model is headed for Shorts this summer.

We called this phone ‘incredibly gorgeous’ two years ago, and now it’s over 50% OFF at Best Buy

Best Buy is carving an outstanding $450 off the Motorola Edge Plus (2023), one of our favorite Moto phones in

Samsung’s next Unpacked event may be around the corner, leak suggests

Prominent tipster Evan Blass took to X to state that Samsung's summer Galaxy Unpacked will be held on July 9,

Google’s new update lets you have a real voice chat with Search

Google is testing voice chats in Search that talk with you in real time.

Rokid’s new AR glasses are basically a laptop you wear on your face

Rokid’s AR Spatial glasses want to turn wherever you are into your own personal work-and-play zone.

Craig Federighi Explains Why Apple Won’t Merge iPad and Mac: ‘We Don’t Want to Build Sporks’

MacStories' Federico Vittici, who is known for his focus on the iPad as a main computing device, recently did an