On September 24, the cyber threat intelligence company SOCRadar notified Microsoft that one of its Azure Blob Storage servers was misconfigured and leaking customer information. Now, almost a month later, both Microsoft and SOCRadar have released blog posts warning businesses that some of their transaction data and communications with Microsoft and authorized Microsoft partners may may been exposed in this leak.
The company secured the server after being notified of the leak on September 24, 2022 by security researchers at threat intelligence firm SOCRadar.
Microsoft said on the 19th of October that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet.
From Microsoft: The business transaction data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability