Huge data leak at Microsoft: 65,000 companies affected

© hywards / shutterstock.com

A configuration error at Microsoft apparently led to one in the past huge data leak. Sensitive customer data from numerous companies was temporarily unprotected and publicly accessible. That shared Microsoft in one blog entry With.

After a note from security researchers, which was received in September, Microsoft has secured the server again. Before that, however sensitive business data and customer information (including names, email addresses, email content, company names and phone numbers) from almost 65,000 companies have been in danger of being viewed by third parties.

Microsoft emphasizes that the error was not a security vulnerability. The issue was caused by an unintentional misconfiguration on an endpoint that is not used across the Microsoft ecosystem. Therefore also exist no danger for other data storage.

According to Microsoft’s own research, it should no hint have indicated that customer accounts or systems have been compromised by the bug. Nevertheless, they promise to improve their own processes in order to be able to prevent such problems in the future.

Microsoft disappointed by security researchers, finds numbers exaggerated

The company also emphasizes that they would have liked the security researchers to deal with the problem differently. You have the problem in Data Leak Report exaggerated and some data was counted several times and a search tool was set up for those affected, although this is not in the interest of data protection and customers.

Microsoft, on the other hand, has data subjects notified directly and how to contact Microsoft if you have any questions or problems. Anyone who did not receive such a message was therefore not affected by the data leak.

According to the experts, the data come from the years 2017 to 2022 as well as from 111 different countries. Viewed from the outside, it is difficult to judge whether the security researchers miscalculated their investigation or whether Microsoft is downplaying the situation. Ultimately, however, those affected have to rely on the information provided by Microsoft.

zero-day gap

Microsoft: Two active vulnerabilities on Exchange server…

Microsoft Exchange is again affected by security vulnerabilities. The two zero-day vulnerabilities are still being actively exploited, and a fix is ​​in the works.

updates

Outlook crashes: Microsoft delivers bug fix

Since August, Outlook can increasingly crash after startup. Around two months later, Microsoft solved the problem with a bug fix.

10/21/2022 from
Laura Pippig

Continue to home page

more on the subject

Online Safety

Apple, Google and Microsoft encourage login without a password

Large companies such as Apple, Google and Microsoft want to encourage logins without a password in the future. As an alternative, the extended FIDO standard…

When is the patch coming?

Office vulnerability: “Follina” vulnerability…

The “Follina” vulnerability has been confirmed by Microsoft and allows attacks on PCs via Office files. So far there is no patch.

update available

Edge Browser: Critical Vulnerability Warning

A vulnerability with risk level High was discovered in Edge. Microsoft fixes the vulnerability in the browser with an update.

company at risk

Microsoft: mail services in the focus of phishing attacks

A phishing campaign uses targeted attacks against companies that use Microsoft mail services. Outlook users must take this into account.

Token danger

Vulnerability discovered in Microsoft Teams

Security experts have discovered a vulnerability in Microsoft Teams. Attackers can take advantage of tokens that are stored locally.