Dubbed BlueBleed Part 1, the Microsoft data leak exposed at least 2.4 terabytes of sensitive data belonging to 65,000 entities in 111 countries. From the article: Threat intelligence firm SOCRadar revealed on Wednesday that it has identified many misconfigured cloud storage systems, including six large buckets that stored information associated with 150,000 companies across 123 countries. The company learned about the misconfiguration on September 24 and secured the endpoint. Almost 2,000 data breaches reported for the first half of 2022. The threat intel company added that, from its analysis, the leaked data "includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property." Numerous government agencies including the Department of Defense, Department of Homeland Security, Department of Justice, and Federal Aviation Administration, among others were impacted by the attack. Microsoft data breach exposed sensitive data of 65,000 companies. By Fionna Agomuoh, October 20, 2022. Microsoft servers have been subject to a breach that might have affected over. (RTTNews) - Personal data of 38 million users were accidentally leaked due to a fault in Microsoft's (MSFT) Power Apps. Microsoft is facing criticism for the way it disclosed a recent security lapse that exposed what a security company said was 2.4 terabytes of data that included signed invoices and contracts. That allowed them to install a keylogger onto the computer of a senior engineer at the company. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error. "Due to persistent pressure from Microsoft, we even have to take down our query page today," he added.
Look for data classification technology solutions that allow auto-labeling, auto-classification, and enforcement of classification across an organization. According to Microsoft, the exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner. "More importantly, we are disappointed that SOCRadar has chosen to release publicly a 'search tool' that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk," Microsoft added in its response. Microsoft itself has not publicly shared any detailed statistics about the data breach. The tech giant announced in June 2021 that it found malware designed to steal information on a customer support agent's computer, potentially allowing the hackers to access basic account information on a limited number of customers. The snapshot was of Azure DevOps, which is a collaboration software launched by Microsoft - it shared that Cortana, Bing, and other projects were compromised in the breach. Microsoft Breach - March 2022. Breaches of sensitive data are extremely costly for organizations when you tally data loss, stock price impact, and mandated fines from violations of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), or other regulations.
One main issue was the implementation of a sign sign-in system that allowed users to link their Microsoft and Skype accounts. In it, they asserted that no customer data had been compromised; per Microsoft's description, only a single account was hijacked, and the company's security team was able to stop the attack before Lapsus$ could infiltrate any deeper into their organization. Microsoft confirmed the breach on March 22 but stated that no customer data had . The most recent Microsoft breach occurred in October 2022, when data on over 548,000 users was found on a misconfigured server. Microsoft (MSFT) has confirmed it was breached by the hacker group Lapsus$, adding to the cyber gang's growing list of victims. Hacker group LAPSUS$ - branded DEV-0537 in Microsoft's blog post . SOCRadar described it as "one of the most significant B2B leaks". Microsoft said that it does not believe that any data was improperly accessed prior to correcting the security flaw. However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. Below, you'll find a full timeline of Microsoft data breaches and security incidents, starting with the most recent. Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. After all, people are busy, can overlook things, or make errors. A misconfigured Microsoft endpoint resulted in the potential for unauthenticated access to some business transaction data. 4 Allianz Risk Barometer 2022: Cyber perils outrank Covid-19 and broken supply chains as top global business risk, Allianz Risk Barometer.
By SOCRadar's account, this data pertained to over 65,000 companies and 548,000 users, and included customer emails, project information, and signed documents. These buckets, which the firm has dubbed BlueBleed, included a misconfigured Azure Blob Storage instance allegedly containing information on more than 65,000 entities in 111 countries. They are accountable for protecting information and sharing data via processes and workflows that enable protection, while also not hindering workplace productivity. Even though Microsoft's investigation revealed that no customer accounts or systems were compromised, the SOCRadar security researchers who notified Microsoft of its misconfigured server were able to link information directly back to 65,000 entities across 111 countries in file data composed between 2017 and 2022, according to a report on Bleeping Computer. Sensitive data is confidential information collected by organizations from customers, prospects, partners, and employees. Additionally, Microsoft had an issue with the way that SOCRadar researchers handled their discovery of the breach by using a search tool to try to connect the data. In August 2021, word of a significant data leak emerged. Ultimately, the responsibility of preventing accidental data exposure falls on the Chief Information Security Officer (CISO) and Chief Data Officer. The company has also been making a bigger push and investment in cybersecurity with its new Microsoft Security Experts program and integrating security intelligence into its Windows Defender tool. Almost 70,000 patients had their personal data compromised in a recent breach of Kaiser Permanente. The first few months of 2022 did not hold back.
For example, through the flaw, which was related specifically to Internet Explorer 6, attackers gained the ability to download malware onto a Google employee's computer, giving them access to proprietary information. In March 2013, nearly 3,000 Xbox Live users had their credentials exposed after participating in a poll and entering a prize draw. At the end of the day, the problem doesn't seem to be in the platform itself, but in the way people use it. In March, the hacker group Lapsus$ struck again, claiming to have breached Microsoft and shared screenshots taken within Azure DevOps, Microsoft's collaboration software. 3 How to create and assign app protection policies, Microsoft Learn. Microsoft did not say how many potential customers were exposed by the misconfiguration, but in a separate post, SOCRadar, which describes the exposure as BlueBleed, puts the figure at more than 65,000. Where should the data live and where shouldn't it live? If hackers gained access to that Skype password, they could effectively bypass the two-factor authentication, giving them access. "This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand," Kron added. Hackers also had access relating to Gmail users. LastPass, one of the world's most popular password managers, suffered a major data breach in 2022 that compromised users' personal data and put their online passwords and other . No data was downloaded.
It isn't known whether the information was accessed by cybercriminals before the issues were addressed. Some solution providers divorce productivity and compliance and try to merely bolt-on data protection. A post in M365 Admin Center, ignoring regulators and telling acct managers to blow off customers ain't going to cut it. February 21, 2023. Data leakage protection tools can protect sensitive documents, which is important because laws and regulations make companies accountable. However, it's close to impossible to handle manually. Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft's verified publisher status.
The unintentional misconfiguration was on an endpoint that was not in use across the Microsoft ecosystem and was not the result of a security vulnerability. "This misconfiguration resulted in unauthenticated access to some business transaction data," it says. As Microsoft continued to investigate activities relating to the SolarWinds hackers, which Microsoft dubbed Nobelium, it determined that additional systems had been compromised by the attackers.
As mentioned earlier, data discovery requires locating all the places where your sensitive data is stored. The exposed information allegedly included over 335,000 emails, 133,000 projects, and 548,000 users. Sensitive data can live in unexpected places within your organization. The credentials allowed the hackers to view a limited dataset, including email addresses, subject lines, and folder names. Also, consider standing access (identity governance) versus protecting files.
In May 2016, security experts discovered a data cache featuring 272.3 million stolen account credentials. Attackers typically install a backdoor that allows the attacker . Besides what was found inside Microsoft's misconfigured server, BlueBleed also allows searching for data collected from five other public storage buckets. In total, SOCRadar claims it was able to link this sensitive information to more than 65,000 entities from 111 countries stored in files dated from 2017 to August 2022. In this case, Microsoft was wholly responsible for the data leak. Additionally, the configuration issue involved was corrected within two hours of its discovery. They also can diminish the trust of those who become the victims of identity theft, credit card fraud, or other malicious activities as a result of those breaches. Eduard Kovacs, March 23, 2022. Microsoft and Okta have both confirmed suffering data breaches after a cybercrime group announced targeting them, but the companies claim impact is limited. According to the security firm, the leak, dubbed "BlueBleed I", covers data from 65,000 "entities" in 111 countries, from between 2017 and August 2022. Instead of finding these breaches out by landing on a page by accident or not, is quite concerning. In July 2021, the Biden administration, along with the FBI, accused China of the data breach. Once its system was impacted, additional hacking activity occurred through its systems, allowing the attackers to reach Microsoft customers as a result. A security lapse left an Azure endpoint available for unauthenticated access in the incident, termed "BlueBleed."
"We are highly disappointed about MSRC's comments and accusations after all the cooperation and support provided by us that absolutely prevented the global cyber disaster." In April 2019, Microsoft announced that hackers had acquired a customer support agent's credentials, giving them access to some webmail accounts including @outlook.com, @msn.com, and @hotmail.com accounts between January 1, 2019, and March 28, 2019. One thing is clear, the threat isn't going away. January 17, 2022. Scans for data will pick up those surprise storage locations. In August 2021, security professionals at Wiz announced that they were able to access customer databases and accounts housed on Microsoft Azure, a cloud-based computing platform, including records and data relating to many Fortune 500 companies. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. Upon being notified of the misconfiguration, the endpoint was secured. Successfully managing the lifecycle of data requires that you keep data for the right amount of time. Microsoft disputed SOCRadar's claims and fired back at the researchers stating that their estimations are over-exaggerated. The biggest cyber attacks of 2022. It confirms that it was notified by SOCRadar security researchers of a misconfigured Microsoft endpoint on Sept. 24, 2022.
Microsoft has criticised security firm SOCRadar for "exaggerating" the extent of the data leak and for making a search tool that allows organisations to see if their data was exposed. Data Breach Response: Microsoft determines appropriate priority and severity levels of a breach by investigating the functional impact, recoverability, and information impact of the incident. Hey Sergiu, do you have a CVE for this so I can read further on the exposure? Data leakage protection is a fast-emerging need in the industry. "Our team was already investigating the. "No data was downloaded. In June 2012, word of a man-in-the-middle attack that allowed hackers to distribute malware by disguising the malicious code as a genuine Microsoft update emerged. The Allianz Risk Barometer is an annual report that identifies the top risks for companies over the next 12 months. The company said the leak included proof-of-execution (PoE) and statement of work (SoW) documents, user information, product orders and offers, project details, and personal information. Considering the potentially costly consequences, how do you protect sensitive data? The total damage from the attack also isn't known. "Our investigation found no indication customer accounts or systems were compromised. In a year of global inflation and massive rises in energy costs, it should come as no surprise that the cost of a data breach has also reached . In a revelation this week, Microsoft's Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 .
October 20, 2022. The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online, thanks to a database misconfiguration. The researchers have dubbed the incident "BlueBleed." And you don't want to delete data too quickly and put your organization at risk of regulatory violations. On March 20, 2022, the hacker group Lapsus$ posted a screenshot to their Telegram channel indicating that they had breached Microsoft. At 44 percent, cyber incidents ranked higher than business interruptions at 42 percent, natural catastrophes at 25 percent, and pandemic outbreaks at 22 percent.4 Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. After classifying data as confidential or highly confidential, you must protect it against exposure to nefarious actors. Microsoft exposed some of its customers' names, email addresses, and email content, among other sensitive data. Microsoft is investigating claims that an extortion-focused hacking group that previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal . In January 2010, news broke of an Internet Explorer zero-day flaw that hackers exploited to breach several major U.S. companies, including Adobe and Google. Microsoft is another large enterprise that suffered two major breaches in 2022. Posted: Mar 23, 2022 5:36 am. How do organizations identify sensitive data at scale and prevent accidental exposure of that data?
Microsoft asserted that there was no data breach on their side, claiming that hackers were likely using stolen email addresses and password combinations from other sources to access accounts. August 25, 2021 11:53 am EDT. The SOCRadar researchers also note that the leaking data on the Azure Blob Storage instance totaled 2.4 terabytes and included proof-of-execution and statement-of-work documents, including some that may reveal intellectual property. In December 2010, Microsoft announced that data belonging to customers of Business Productivity Online Suite (BPOS), a cloud service, was accessible to other users of the software. The intrusion was only detected in September 2021 and included the exposure and potential theft of . IBM found that the global average cost of a data breach in 2022 was the highest ever since the dawn of conducting these reports. Then, Flame returned a malicious executable file featuring a rogue certificate, causing the uninfected machine to download malware. Search can be done via metadata (company name, domain name, and email). Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking. Was yours one of the billions of records stolen through breaches in recent years? Microsoft data breach exposes customers' contact info, emails. January 31, 2022. However, it wasn't clear if the data was subsequently captured by potential attackers. Also, organizations can have thousands of sensitive documents, making manual identification and classification of data untenable because the process would be too slow and inaccurate. Redmond added that the leak was caused by the "unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem" and not due to a security vulnerability. In February 2022, News Corp admitted server breaches way back to February 2020.
While the bulk was for a Russian email service, approximately 33 million, about 12 percent of the total stash, were for Microsoft Hotmail accounts. The fallout from not addressing these challenges can be serious. Lapsus$ Group's Extortion Rampage. It can be overridden too so it doesn't get in the way of the business. Microsoft confirmed that a misconfigured system may have exposed customer data. Never seen this site before. The business transaction data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. Microsoft hasn't shared any further details about how the account was compromised but provided an overview of the Lapsus$ group's tactics, techniques and procedures, which the company's Threat. At the time, the cache was one of the largest ever uncovered, and only came to light when a Russian hacker discussed the collected data on an online forum. In some cases, it was employee file information. Lapsus took to social media to post a screen capture of the attack, making it clear that its team was deserving of what it considers . In a lengthy blog post, Microsoft's security team described Lapsus$ as a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements. They go on to describe the group's tactics in great detail, indicating that Microsoft had been studying Lapsus$ carefully before the incident occurred.