SOCRadar said the exposed data belonged to Microsoft and it totaled 2.4 Tb of files collected between 2017 and August 2022. In a blog post late Tuesday, Microsoft said Lapsus$ had. This incident came to light in January 2021 when a security specialist noticed some anomalous activity on a Microsoft Exchange Server operated by a customer, namely that an odd presence on the server was downloading emails. Hopefully, this will help organizations understand the importance of data security and how to better allocate their security budgets. Considering the potentially costly consequences, how do you protect sensitive data? It's Friday, October 21st, 2022. "Our investigation found no indication customer accounts or systems were compromised." In October 2017, word broke that an internal database Microsoft used to track bugs within Microsoft products and software was compromised back in 2013. January 25, 2022. Microsoft exposed some of its customers' names, email addresses, and email content, among other sensitive data. On February 21, Activision acknowledged that they suffered a data breach in December 2022, after a hacker tricked an employee via an SMS phishing attack. Data discovery, data classification, and data protection strategies can help you find and better protect your company's sensitive data. Like many underground phenomena on the internet, it is poorly understood and shrouded in the sort of technological mysticism that people often ascribe to things like hacking or Bitcoin. After classifying data as confidential or highly confidential, you must protect it against exposure to nefarious actors.
Additionally, it wasn't immediately clear who was responsible for the various attacks. SOCRadar uses its BlueBleed tool to crawl through compromised systems to find out what information is readily obtainable and accessible by malicious actors. January 31, 2022. Instead, we recommend an approach that integrates data protection into your existing processes to protect sensitive data. The screenshot was taken within Azure DevOps, a collaboration software created by Microsoft, and indicated that Bing, Cortana, and other projects had been compromised in the breach. The threat intel company added that, from its analysis, the leaked data "includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property." Dubbed BlueBleed Part 1, the Microsoft data leak exposed at least 2.4 terabytes of sensitive data belonging to 65,000 entities in 111 countries. The screenshot posted to their Telegram channel showed that Bing, Cortana, and other projects had been compromised in the attack. Furthermore, Redmond said that SOCRadar's decision to collect the data and make it searchable using a dedicated search portal "is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk." News Corp asserted that no customer data was stolen during the breach, and that the company's everyday work wasn't hindered. However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. While the internet has dramatically expanded the ability to share knowledge, it has also made issues of privacy more complicated. The database contained records collected dating back as far as 2005 and as recently as December 2019.
He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia's security news reporter. Microsoft data breach exposed sensitive data of 65,000 companies. By Fionna Agomuoh, October 20, 2022. Microsoft servers have been subject to a breach that might have affected over. The full scope of the attack was vast. After digging deeper, the specialist noticed more unexpected activities, including requests relating to specific emails and for confidential files. Leveraging security products that enable auto-labeling of sensitive data across an enterprise is one method, among several, that helps overcome these data challenges. Microsoft has confirmed that it inadvertently exposed information related to prospective customers, but claims that the company which reported the incident has exaggerated the numbers. Thu 20 Oct 2022 // 15:00 UTC. Sensitive data can live in unexpected places within your organization. "More importantly, we are disappointed that SOCRadar has chosen to release publicly a 'search tool' that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk," Microsoft added in its response. That leads right into data classification. After SOCRadar flagged a Microsoft data breach at the end of October, the company confirmed that a server misconfiguration had caused 65,000+ companies' data to be leaked. In it, they asserted that no customer data had been compromised; per Microsoft's description, only a single account was hijacked, and the company's security team was able to stop the attack before Lapsus$ could infiltrate any deeper into their organization. This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations' networks.
Sensitive data is confidential information collected by organizations from customers, prospects, partners, and employees. The SOCRadar researchers also note that the leaking data on the Azure Blob Storage instance totaled 2.4 terabytes and included proof-of-execution and statement-of-work documents, including some that may reveal intellectual property. Trainable classifiers identify sensitive data using data examples. Of an estimated 294 million people hacked in 2021, about 164 million were at risk because of data exposure events, when sensitive data is left vulnerable online.3 Microsoft's investigation found no indication that accounts or systems were compromised, but potentially affected customers were notified. Breaches of sensitive data are extremely costly for organizations when you tally data loss, stock price impact, and mandated fines from violations of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), or other regulations. In Microsoft's server alone, SOCRadar claims to have found 2.4 TB of data containing sensitive information, with more than 335,000 emails, 133,000 projects, and 548,000 exposed users discovered while analyzing the leaked files until now. The most recent Microsoft breach occurred in October 2022, when data on over 548,000 users was found on a misconfigured server. For instance, you may collect personal data from customers who want to learn more about your services. The IT giant confirmed by stating that the hacker obtained "limited access" from one account, which Lapsus$ compromised. The unintentional misconfiguration was on an endpoint that was not in use across the Microsoft ecosystem and was not the result of a security vulnerability.
How do organizations identify sensitive data at scale and prevent accidental exposure of that data? Additionally, Microsoft hadn't planned to release a patch until the next scheduled major update for Internet Explorer, though it ultimately had to accelerate its plan when attackers took advantage of the vulnerability. A security lapse left an Azure endpoint available for unauthenticated access in the incident, termed "BlueBleed." Additionally, we found that no customer accounts and systems were compromised due to unrestricted access. It isn't clear how many accounts were impacted, though Microsoft described it as a limited number. Additionally, the tech giant asserted that email contents and attachments, as well as login credentials, were not compromised in the hack. Bako Diagnostics' services cover more than 250 million individuals. The company has also been making a bigger push and investment in cybersecurity with its new Microsoft Security Experts program and integrating security intelligence into its Windows Defender tool. October 2022: 548,000+ Users Exposed in BlueBleed Data Leak. Microsoft is facing criticism for the way it disclosed a recent security lapse that exposed what a security company said was 2.4 terabytes of data that included signed invoices and contracts. Then, Flame returned a malicious executable file featuring a rogue certificate, causing the uninfected machine to download malware. The data classification process involves determining data's sensitivity and business impact so you can knowledgeably assess the risks. Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft's verified publisher status.
"Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems," SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer. Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place. Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. Microsoft confirmed the breach on March 22 but stated that no customer data had . He has six years of experience in online publishing and marketing. Microsoft uses the following classifications: Identifying data at scale is a major challenge, as is enforcing a process so employees manually mark documents as sensitive. In a revelation this week, Microsoft's Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 . However, it's close to impossible to handle manually. SOCRadar executives stated that the company does not keep any of the data it comes across and has since deleted any data that its tool may have accessed. In this case, Microsoft was wholly responsible for the data leak. In total, SOCRadar claims it was able to link this sensitive information to more than 65,000 entities from 111 countries stored in files dated from 2017 to August 2022. Flame wasn't just capable of infecting machines; it could also spread itself through a network using a rogue Microsoft certificate. Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. The security firm noted that while Microsoft might have taken swift action on fixing the misconfigured server, its research was able to connect the 65,000 entities uncovered to a file data composed between 2017 and 2022, according to Bleeping Computer.
The cost of a data breach in 2022 was $4.35M - a 12.7% increase compared to 2020, when the cost was $3.86M. While it's known that the records were publicly accessible, it isn't clear whether the data was actually accessed by cybercriminals. Security Trends for 2022. According to the security firm, the leak, dubbed "BlueBleed I", covers data from 65,000 "entities" in 111 countries, from between 2017 and August 2022. Learn more below. For their part, Lapsus$ has repeatedly stated that their motivations are purely financial: Remember: The only goal is money, our reasons are not political. They appear to exploit insider threats, and recently posted a notice asking tech workers to compromise their employers. Microsoft, one of the world's largest technology companies, suffered a serious security breach in March 2022. Why does Tor exist? Update October 20, 08:15 EDT: Added SOCRadar statement and info on a notification pushed by Microsoft through the M365 admin center on October 4th. On March 20th, 2022, the Lapsus$ group shared a snapshot to its Telegram channel showing that they have breached Microsoft. With information from the database, attackers could create tools to break into systems by exploring the vulnerabilities, potentially allowing them to target hundreds of millions of computers. Retardistan is by far the largest provider of tools to keep our youth memerised, so take a break sit back and think about what would be good for our communities and not just for your hip pocket. What Was the Breach? Organizations can face big financial or legal consequences from violating laws or requirements. This blog describes how the rule is an opportunity for the IT security team to provide value to the company.
Every level of an organization, from IT operations and red and blue teams to the board of directors, could be affected by a data breach. Microsoft has confirmed it was hacked by the same group that recently targeted Nvidia and Samsung. Many developers and security people admit to having experienced a breach effected through compromised API credentials. Additionally, they breached certain developer systems, including those operated by Zombie Studios, a company behind the Apache helicopter simulator used by the U.S. military. It confirms that it was notified by SOCRadar security researchers of a misconfigured Microsoft endpoint on Sept. 24, 2022. A major data breach is a reminder that cybercriminals who access exposed data, which sometimes can include PII, can use it for a variety of crimes, including identity theft. Cyber incidents topped the barometer for only the second time in the survey's history. March 16, 2022. Successfully managing the lifecycle of data requires that you keep data for the right amount of time. The cloud is nothing more than a tool, not the be all end all digital savior that it's marketed as and that many believe it to be. Ultimately, the responsibility of preventing accidental data exposure falls on the Chief Information Security Officer (CISO) and Chief Data Officer.
The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. The company believes such tools should include a verification system to ensure that a user can only look for data pertaining to them, and not to other users. A post in M365 Admin Center, ignoring regulators and telling acct managers to blow off customers ain't going to cut it. The flaws in Cosmos DB created a functional loophole, enabling any user to access a slew of databases and download, alter, or delete information contained therein. In August 2021, security professionals at Wiz announced that they were able to access customer databases and accounts housed on Microsoft Azure, a cloud-based computing platform, including records and data relating to many Fortune 500 companies. Overall, at least 47 companies unknowingly made stored data publicly accessible, exposing at least 38 million records. The exposed data includes, for example, emails from US .gov, talking about O365 projects, money etc - I found this not via SOCRadar, it's cached. 1 Cost of a Data Breach Report 2021, Ponemon Institute, IBM. Amanda Silberling. However, the failure of the two-factor authentication system places at least some of the blame on the tech giant. BlueBleed discovered 2.4TB of data, including 335,000 emails, 133,000 projects, and 584,000 exposed users, according to a report on Bleeping Computer. UPDATED 19:31 EST / OCTOBER 19 2022. SECURITY. Microsoft data breach in September may have exposed customer information, by Duncan Riley. Microsoft Corp. today revealed details of a server.
In July 2021, the Biden administration and some U.S. allies formally stated that they believed China was to blame. The group posted a screenshot on Telegram to. Hey Sergiu, do you have a CVE for this so I can read further on the exposure? VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system. Instead of finding these breaches out by landing on a page by accident or not, is quite concerning. That allowed them to install a keylogger onto the computer of a senior engineer at the company. "Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint," Microsoft wrote in a detailed security response blog post. In June 2012, word of a man-in-the-middle attack that allowed hackers to distribute malware by disguising the malicious code as a genuine Microsoft update emerged. However, it isn't clear whether the information was ultimately used for such purposes. If you're looking for more privacy while browsing, Tor is a good way to do that, as it is software that allows users to browse the web anonymously. Back in December, the company shared a statement confirming . Learn how Rabobank, Fannie Mae, and Ernst & Young maximized their existing Microsoft 365 subscriptions to gain integrated data loss prevention and information protection.
The 10 Biggest Data Breaches Of 2022. Overall, hundreds of users were impacted. Once the data is located, you must assign a value to it as a starting point for governance. Some of the original attacks were traced back to Hafnium, which originates in China. Many feel that a simple warning in technical documentation isn't sufficient, potentially putting part of the blame on Microsoft. He was imprisoned from April 2014 until July 2015. Microsoft has published the article Investigation Regarding Misconfigured Microsoft Storage Location regarding this incident.
Microsoft hasn't shared any further details about how the account was compromised but provided an overview of the Lapsus$ group's tactics, techniques and procedures, which the company's Threat. Microsoft stated that a very small number of customers were impacted by the issue. For its part, Microsoft claimed that it had quickly secured its servers upon being notified, and that it has alerted affected customers of the potential data breach. Microsoft said the scale of the data breach has been 'greatly exaggerated', while SOCRadar claims around 65,000 companies were impacted. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. Lapsus took to social media to post a screen capture of the attack, making it clear that its team was deserving of what it considers . Along with distributing malware, the attackers could impersonate users and access files. Attackers gained access to the SolarWinds system, giving them the ability to use software build features. More than a quarter of IT leaders (26%) said a severe . At 44 percent, cyber incidents ranked higher than business interruptions at 42 percent, natural catastrophes at 25 percent, and pandemic outbreaks at 22 percent.4 Neiman Marcus: In October, Neiman Marcus made public a data breach that occurred in May 2020. A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. A sophisticated attack on Microsoft Corp.
's widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before . Once the hackers could access customer networks, they could use customer systems to launch new attacks. Jay Fitzgerald. In January 2020, news broke of a misconfigured Microsoft internal customer support database that left records on 250 million customers exposed. "We are highly disappointed about MSRC's comments and accusations after all the cooperation and support provided by us that absolutely prevented the global cyber disaster." We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error. Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak. Oct 21, 2022, Ravie Lakshmanan. Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. One of these fines was related to violating the GDPR's personal data processing requirements. "We have directly notified the affected customers." 2021. Learn more about how to protect sensitive data. Microsoft admits a storage misconfiguration, data tracker leads to a data breach at a second US hospital chain, and more. 2 Risk-based access policies, Microsoft Learn. A representative for LinkedIn reported to Business Insider that this data was scraped from publicly available data on the platform. In some cases, it was employee file information. "Our investigation did not find indicators of compromise of the exposed storage location."
January 17, 2022. This misconfiguration resulted in the possibility of "unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers". Once within the system, attackers could also view, alter, or remove data, create new user accounts, and more. Additionally, several state governments and an array of private companies were also harmed. The only way to ensure that your sensitive data is stored properly is with a thorough data discovery process. The software giant, Microsoft, was hacked by the online criminal collective known as the Lapsus Hackers. October 20, 2022. The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online, thanks to a database misconfiguration. The researchers have dubbed the incident "BlueBleed." The data discovery process can surprise organizations, sometimes in unpleasant ways. The exposed information allegedly included over 335,000 emails, 133,000 projects, and 548,000 users. Though Microsoft would not reveal how many people were impacted, SOCRadar researchers claimed that 65,000 entities across 111 countries may have had their data compromised, which includes names, phone numbers, email addresses and content, company name, and attached files containing proprietary company information like proof of concept documents, sales data, product orders, and more.
They were researching the system and discovered various vulnerabilities relating to Cosmos DB, the Azure database service. In 2020, Equifax was made to pay further settlements relating to the breach: $7.75 million (plus $2 million in legal fees) to financial institutions in the US plus $18.2 million and $19.5 million . One thing is clear, the threat isn't going away. To abide by the data minimization principle, once the data is no longer serving its purpose, it must be deleted. However, it required active steps on the part of the user and wasn't applied by Microsoft automatically. SolarWinds is a major software company based in Tulsa, Okla., which provides system management tools for network and infrastructure monitoring, and other technical services to hundreds of thousands of organizations around the world. Kron noted that although cloud services can be very convenient, and if secured properly, also very secure, when a misconfiguration occurs, the information can be exposed to many more potential people than on traditional internal on-premise systems. Among the company's products is an IT performance monitoring system called Orion. The intrusion was only detected in September 2021 and included the exposure and potential theft of . Microsoft said that it does not believe that any data was improperly accessed prior to correcting the security flaw. The 68 Biggest Data Breaches (Updated for November 2022) Our updated list for 2021 ranks the 60 biggest data breaches of all time . As Microsoft continued to investigate activities relating to the SolarWinds hackers, which Microsoft dubbed Nobelium, it determined that additional systems had been compromised by the attackers. As mentioned earlier, data discovery requires locating all the places where your sensitive data is stored. Microsoft Data Breach.
Common types of sensitive data include credit card numbers, personally identifiable information (PII) like a home address and date of birth, Social Security Numbers (SSNs), corporate intellectual property (IP) like product schematics, protected health information (PHI), and medical record information that could be used to identify an individual.