Microsoft has claimed that cybersecurity firm SOCRadar exaggerated the scale and potential danger of exposed Microsoft customer data leaked from a misconfigured Azure Blob.
Azure Blob is a type of object storage developed by Microsoft for cloud-native workloads, archives, data lakes, high-performance computing, and machine learning.
The misconfiguration resulted in the potential for unauthorised access to business transaction data relating to prospective Microsoft customers. Microsoft said that there was no indication that customer accounts had been compromised.
The company added that the issue has been resolved and those impacted have been notified.
SOCRadar claims that data relating to over 65,000 organisations was at risk after its team found the exposed Azure Blob. It said it discovered links to other Blobs which could potentially compromise the sensitive data of over 100,000 organisations.
The company called this exposure “BlueBleed” and claimed it was one of the most significant leaks recorded in recent years. It released a BlueBleed search tool for organisations to use to see if they had been affected. It has now suspended the tool following the criticism from Microsoft.
In a blog post on its website, Microsoft said: “We appreciate SOCRadar informing us about the misconfigured endpoint, but after reviewing their blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue.”
It added: “Our in-depth investigation and analysis of the dataset shows duplicate information, with multiple references to the same emails, projects and users. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”
Responding the criticism, SOCRadar said: “What we aim for with the BlueBleed search engine is basically an enterprise version of Have I Been Pwned, where organisations can search if their data was exposed in some of the cloud data leaks our CSM [cloud security module] has detected so far.”
The firm added: “We are highly disappointed about MSRC’s comments and claims after all the cooperation and support provided by us that absolutely prevented the global cyber disaster.”
Latest News
-
Beermaker Asahi restarts production in Japan following cyberattack
-
BT to roll out 5G standalone to 99% of UK by 2030
-
Firefly acquires SciTec in deal worth $855m
-
Asos launches immersive video shopping on app
-
ECB taps Portuguese start-up to build AI fraud shield for digital euro
-
Samsung partners with Coinbase for crypto services
.png)
The future-ready CFO: Driving strategic growth and innovation
This National Technology News webinar sponsored by Sage will explore how CFOs can leverage their unique blend of financial acumen, technological savvy, and strategic mindset to foster cross-functional collaboration and shape overall company direction. Attendees will gain insights into breaking down operational silos, aligning goals across departments like IT, operations, HR, and marketing, and utilising technology to enable real-time data sharing and visibility.
The corporate roadmap to payment excellence: Keeping pace with emerging trends to maximise growth opportunities
In today's rapidly evolving finance and accounting landscape, one of the biggest challenges organisations face is attracting and retaining top talent. As automation and AI revolutionise the profession, finance teams require new skillsets centred on analysis, collaboration, and strategic thinking to drive sustainable competitive advantage.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories