Article 64YX6 Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious

Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious

by
Dan Goodin
from Ars Technica - All content on (#64YX6)
GettyImages-887922-001-800x588.jpg

Enlarge (credit: Getty Images)

Microsoft is facing criticism for the way it disclosed a recent security lapse that exposed what a security company said was 2.4 terabytes of data that included signed invoices and contracts, contact information, and emails of 65,000 current or prospective customers spanning five years.

The data, according to a disclosure published Wednesday by security firm SOCRadar, spanned the years 2017 to August 2022. The trove included proof-of-execution and statement of work documents, user information, product orders/offers, project details, personally identifiable information, and documents that may reveal intellectual property. SOCRadar said it found the information in a single data bucket that was the result of a misconfigured Azure Blob Storage.

Microsoft can't, or Microsoft won't?

Microsoft posted its own disclosure on Wednesday that said the security company greatly exaggerated the scope of this issue" because some of the exposed data included duplicate information, with multiple references to the same emails, projects, and users." Further using the word issue" as a euphemism for leak," Microsoft also said: The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability."

Read 9 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments