In 2021, the effects of ransomware and data breaches were felt by all of us. Regards.. Save my name, email, and website in this browser for the next time I comment. Attackers typically install a backdoor that allows the attacker . The database wasnt properly password-protected for approximately one month (December 5, 2019, through December 31, 2019), making the details accessible to anyone with a web browser who managed to connect to the database. Microsoft hasn't shared any further details about how the account was compromised but provided an overview of the Lapsus$ group's tactics, techniques and procedures, which the company's Threat. In July 2021, the Biden administration, along with the FBI, accused China of the data breach. Additionally, Microsoft had issue with the way that SOCRadar researchers handled their discovery of the breach by using a search tool to try to connect the data. Welcome to Cyber Security Today. We really want to hear from you, and were looking forward to seeing you at the event and in theCUBE Club. The database contained records collected dating back as far as 2005 and as recently as December 2019. Microsoft has confirmed that the hacker group Lapsus$ breached its security system, after the digital extortion gang claimed credit earlier this week. Common types of sensitive data include credit card numbers, personally identifiable information (PII) like a home address and date of birth, Social Security Numbers (SSNs), corporate intellectual property (IP) like product schematics, protected health information (PHI), and medical record information that could be used to identify an individual. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.". UPDATED 19:31 EST / OCTOBER 19 2022 SECURITY Microsoft data breach in September may have exposed customer information by Duncan Riley Microsoft Corp. today revealed details of a server. While the exact number isnt clear, the issue potentially impacted over 30,000 U.S. companies, and as many as 60,000 companies worldwide. For example, through the flaw which was related to Internet Explorer 6, specifically attackers gained the ability to download malware onto a Google employees computer, giving them access to proprietary information. A security lapse left an Azure endpoint available for unauthenticated access in the incident, termed "BlueBleed." (Matt Wilson), While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in a self-service manner are becoming increasingly popular. However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. The issue was discovered by UpGuard, a cybersecurity firm, and was promptly reported to Microsoft and impacted organizations, allowing the tech giant and the other companies and agencies to address the problem and plug the leaks. Five insights you might have missed from the Dell-DXC livestream event, Interview: Here's how AWS aims to build new bridges for telcos into the cloud-native world, Dell addresses enterprise interest in a simpler consolidated security model, The AI computing boom: OctoML targets machine learning workload deployment, Automation is moving at a breakneck pace: Heres how that trend is being leveraged in enterprise IT, DIVE INTO DAVE VELLANTES BREAKING ANALYSIS SERIES, Dave Vellante's Breaking Analysis: The complete collection, MWC 2023 highlights telco transformation and the future of business, Digging into Google's point of view on confidential computing, Cloud players sound a cautious tone for 2023. Today's tech news, curated and condensed for your inbox. Get the best of Windows Central in your inbox, every day! The SOCRadar researchers also note that the leaking data on the Azure Blob Storage instance totaled 2.4 terabytes and included proof-of-execution and statement-of-work documents, including some that may reveal intellectual property. Microsoft followed suit and named a Chinese state-sponsored hacker group, Hafnium, as the culprit behind the attack. Microsoft data breach exposed sensitive data of 65,000 companies By Fionna Agomuoh October 20, 2022 Microsoft servers have been subject to a breach that might have affected over. Reach a large audience of enterprise cybersecurity professionals. Bookmark theSecurity blogto keep up with our expert coverage on security matters. Aside from the researchers, it isnt clear whether the data was accessed by third parties, including potential attackers. They were researching the system and discovered various vulnerabilities relating to Cosmos DB, the Azure database service. Read the executive summary Read the report Insights every organization needs to defend themselves Our technologies connect billions of customers around the world. Also, organizations can have thousands of sensitive documents, making manual identification and classification of data untenable because the process would be too slow and inaccurate. A configuration issue allowed customers to download Offline Address Books which contained business contact information for employees of other users inadvertently. Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. In July 2021, the Biden administration and some U.S. allies formally stated that they believed China was to blame. If hackers gained access to that Skype password, they could effectively bypass the two-factor authentication, giving them access. SOCRadar said the exposed data belonged to Microsoft and it totaled 2.4 Tb of files collected between 2017 and August 2022. Jay Fitzgerald. our article on the Lapsus$ groups cyberattacks, Data Leak Notice on iPhone What to Do About It, Verizon Data Breaches: Full Timeline Through 2023, AT&T Data Breaches: Full Timeline Through 2023, Google Data Breaches: Full Timeline Through 2023. You can read more in our article on the Lapsus$ groups cyberattacks. The most recent Microsoft breach occurred in October 2022, when data on over 548,000 users was found on an misconfigured server. Many feel that a simple warning in technical documentation isnt sufficient, potentially putting part of the blame on Microsoft. However, News Corp uncovered evidence that emails were stolen from its journalists. In it, they asserted that no customer data had been compromised; per Microsofts description, only a single account was hijacked, and the companys security team was able to stop the attack before Lapsus$ could infiltrate any deeper into their organization. No data was downloaded. Due to persistent pressure from Microsoft, we even have to take down our query page today, he added. In Microsoft's server alone, SOCRadar claims to have found2.4 TB of data containing sensitive information, withmore than 335,000 emails, 133,000 projects, and 548,000 exposed users discovered while analyzing the leaked files until now. Additionally, several state governments and an array of private companies were also harmed. This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations networks.. Microsoft confirmed that a misconfigured system may have exposed customer data. Below, you'll find a full timeline of Microsoft data breaches and security incidents, starting with the most recent. Learn four must-haves for multicloud data protection, including how an integrated solution provides greater scalability and protection across your multicloud and hybrid environment. Some solution providers divorce productivity and compliance and try to merely bolt-on data protection. Poll: Do you think Microsoft's purchase of Activision Blizzard will be approved? Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts. Thu 20 Oct 2022 // 15:00 UTC. All Rights Reserved. ", Furthermore, Redmond said that SOCRadar's decision to collect the data and make it searchable using a dedicated search portal "is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk. SOCRadar executives stated that the company does not keep any of the data it comes across and has since deleted any data that its tool may have accessed. January 17, 2022. This is much easier with support for sensitive data types that can identify data using built-in or custom regular expressions or functions. Read our posting guidelinese to learn what content is prohibited. Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility. Senior Product Marketing Manager, Microsoft, Featured image for SEC cyber risk management rulea security and compliance opportunity, SEC cyber risk management rulea security and compliance opportunity, Featured image for 4 things to look for in a multicloud data protection solution, 4 things to look for in a multicloud data protection solution, Featured image for How businesses are gaining integrated data protection with Microsoft Purview, How businesses are gaining integrated data protection with Microsoft Purview, Azure Active Directory part of Microsoft Entra, Microsoft Defender Vulnerability Management, Microsoft Defender Cloud Security Posture Mgmt, Microsoft Defender External Attack Surface Management, Microsoft Purview Insider Risk Management, Microsoft Purview Communication Compliance, Microsoft Purview Data Lifecycle Management, Microsoft Security Services for Enterprise, Microsoft Security Services for Incident Response, Microsoft Security Services for Modernization, Cyberattacks Against Health Plans, Business Associates Increase, Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected, Allianz Risk Barometer 2022:Cyber perils outrank Covid-19 and broken supply chains as top global business risk, Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt. Thank you for signing up to Windows Central. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems," SOCRadar VP of Research and CISO Ensar eker told BleepingComputer. Overall, hundreds of users were impacted. Breaches of sensitive data are extremely costly for organizations when you tally data loss, stock price impact, and mandated fines from violations of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), or other regulations. Security breaches are very costly. whatsapp no. Shortening the time it takes to identify and contain a data breach to 200 days or less can save money. This field is for validation purposes and should be left unchanged. On March 22, Microsoft issued a statement confirming that the attacks had occurred. The data discovery process can surprise organizationssometimes in unpleasant ways. The company secured the server after being notified of the leak on September 24, 2022by security researchers at threat intelligence firm SOCRadar. The company's support team also reportedly told customers who reached out that it would not notify data regulators because "no other notifications are required under GDPR" besides those sent to impacted customers. One day companies are going to figure out just how bad a decision it was t move everything to and become dependent on a cloud. Amanda Silberling. That allowed them to install a keylogger onto the computer of a senior engineer at the company. SOCRadar described it as one of the most significant B2B leaks. The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks. The unintentional misconfiguration was on an endpoint that was not in use across the Microsoft ecosystem and was not the result of a security vulnerability. The company has also been making a bigger push and investment in cybersecurity with its new Microsoft Security Experts program and integrating security intelligence into its Windows Defender tool. This misconfiguration resulted in unauthenticated access to some business transaction data, it says. Threat intelligence firm SOCRadar reported that a Microsoft customer data breach affected hundreds of thousands of users from thousands of entities worldwide. SOCRadar VP of Research Ensa Seker told the publication that no data was shared with anyone through the use of BlueBleed, and all the data that it had collected has since been deleted. Another was because of insufficient detail to consumers in a privacy policy about data processing practices. NY 10036. Once the data is located, you must assign a value to it as a starting point for governance. By SOCRadars account, this data pertained to over 65,000 companies and 548,000 users, and included customer emails, project information, and signed documents. Additionally, they breached certain developer systems, including those operated by Zombie Studios, a company behind the Apache helicopter simulator used by the U.S. military. (RTTNews) - Personal data of 38 million users were accidentally leaked due to a fault in Microsoft's (MSFT) Power Apps . January 31, 2022. Where should the data live and where shouldnt it live? The only way to ensure that your sensitive data is stored properly is with a thorough data discovery process. BlueBleed discovered 2.4TB of data, including 335,000 emails, 133,000 projects, and 584,000 exposed users, according to a report on Bleeping Computer. Never seen this site before. In March, the hacker group Lapsus$ struck again, claiming to have breached Microsoft and shared screenshots taken within Azure DevOps, Microsoft's collaboration software. Sensitive data can live in unexpected places within your organization. Thank you, CISA releases free Decider tool to help with MITRE ATT&CK mapping, Terms of Use - Privacy Policy - Ethics Statement, Copyright @ 2003 - 2023 Bleeping Computer LLC - All Rights Reserved. A cybercriminal gang, Lapsus$, managed to breach some of the largest tech companies in the world - including Samsung, Ubisoft, and most recently, Microsoft Bing. Learn more below. Microsoft is investigating claims that an extortion-focused hacking group that previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal . Misconfigured Public Cloud Databases Attacked Within Hours of Deployment, Critical Vulnerabilities in Azure PostgreSQL Exposed User Databases, Microsoft Confirms NotLegit Azure Flaw Exposed Source Code Repositories, Industry Experts Analyze US National Cybersecurity Strategy, Critical Vulnerabilities Allowed Booking.com Account Takeover, Information of European Hotel Chains Customers Found on Unprotected Server, New CISA Tool Decider Maps Attacker Behavior to ATT&CK Framework, Dish Network Says Outage Caused by Ransomware Attack, Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products, 33 New Adversaries Identified by CrowdStrike in 2022, Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites, EPA Mandates States Report on Cyber Threats to Water Systems, Thousands of Websites Hijacked Using Compromised FTP Credentials, Organizations Warned of Royal Ransomware Attacks, White House Cybersecurity Strategy Stresses Software Safety, Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts, BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems, Advancing Women in Cybersecurity One CMOs Journey.