Microsoft Confirms Customer Data Leak but Disputes Scope
upstart writes:
Microsoft confirms customer data leak but disputes scope:
Microsoft has confirmed a data leak linked to a misconfigured server for a cloud storage service but is disputing the extent of the problem.
In a revelation this week, Microsoft's Security Response Center (MSRC) said the cloud provider was notified by threat intelligence firm SOCRadar on September 24 about the misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and customers.
The information included planning or potential implementation and provisioning of Microsoft services, according to MSRC. Once notified, Microsoft secured the endpoint, which now can only be accessed through required authentication.
"Our investigation found no indication customer accounts or systems were compromised," the unit wrote. "We have directly notified the affected customers."
However, in a report also released this week, SOCRadar researchers wrote that the misconfigured server exposed sensitive data including proof-of-execution and statement-of-work documents, user information, product offers and orders, project details, and personally identifiable information (PII).
The documents may have also revealed intellectual property, they claim.
Read more of this story at SoylentNews.