Misconfigured Microsoft storage endpoint secured.
Oct 20, 2022

Microsoft finds and fixes a misconfigured storage endpoint that had exposed some business data to the Internet.

Microsoft has released the results of its investigation into a misconfigured Microsoft storage endpoint, which exposed “some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.” Microsoft has since secured the server.

“The business transaction data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability. We are working to improve our processes to further prevent this type of misconfiguration and performing additional due diligence to investigate and ensure the security of all Microsoft endpoints.”

Issues over disclosure.

The company was notified of the misconfiguration by researchers at SOCRadar. Microsoft thanked SOCRadar for bringing the issue to their attention, but criticized the security firm’s handling of the disclosure:

“We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.

“More importantly, we are disappointed that SOCRadar has chosen to release publicly a ‘search tool’ that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

Industry comment on the incident.

Added, 10.20.22.

Amit Shaked, CEO and co-founder of Laminar, wrote to point out not only that no one is perfect, but also that, given such imperfection, it's important to know where your data are:

“This incident serves as a critical reminder for business leaders to ask: where is our sensitive data? The shift to the cloud over the past few years has created a landscape for organizations to have data stores everywhere and unfortunately, many companies do not know where their sensitive data is located in the cloud. This unknown or ‘shadow’ data is growing, and is a top concern for 82% of data security professionals.

“To safeguard against a majority of today’s cyber threats, organizations must have complete observability of their data. With monitoring and control of valuable data, enterprises will have the clarity they need to keep up with today’s fast-paced, cloud environment.”

Arti Raman, CEO and founder of Titaniam, pointed out that this could have happened to anyone. "When it comes to data breaches the reality is that this could be any of us," she wrote. "With over 65% of attacks rooted in some type of human compromise, attackers can find a foothold in the best-defended enterprises." She went on to draw lessons about cooperative defense:

"So the first response we must have as a community is empathy. After this, it can be very productive to collaborate with the broader community on best practices so that all can benefit from each other's experiences and help build up attack resistance as a community. From the work Titaniam has done in this space, we have found that cyberattack immunity is a three-part solution. Leaving out any of the three creates high risk and exposure. First, enterprises must look into prevention and detection solutions so that attacks can be stopped before they execute or can be identified before infection spreads. Second, data security focused on preventing large-scale data exfiltration. This can be achieved through encryption at rest, in transit, and most importantly, encryption-in-use. Encryption-in-use is an extremely powerful new technology that dramatically reduces ransomware, extortion, and other data-related attacks. Finally, the third piece is backup and recovery so that even if attackers successfully bring down systems, these can be recovered without expensive payouts. Implementing a three-part defense helps significantly neutralize attacker leverage."