Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Security IT

Microsoft Disputing Just How Big Its Customer Data Leak Was (protocol.com) 5

Microsoft says that an unspecified amount of customer data, including contact info and email content, was recently left exposed to potential access over the internet as a result of a server configuration error. From a report: Cybersecurity vendor SOCRadar, which reported the data leak to Microsoft, said in a blog post that data belonging to more than 65,000 companies was affected. Microsoft, however, said in its own post that SOCRadar "has greatly exaggerated the scope of this issue." Microsoft didn't disclose specifics around the number of companies whose data may have been exposed in the leak or the amount of data involved. The server misconfiguration was reported on Sept. 24, and the impacted server was "quickly secured" after that, according to Microsoft. Due to the configuration error, there was a potential that certain "business transaction data" could have been accessed without a need for authentication, Microsoft said. The data corresponds to "interactions between Microsoft and prospective customers," including around the planning and implementation of Microsoft services, the company said in its post.
This discussion has been archived. No new comments can be posted.

Microsoft Disputing Just How Big Its Customer Data Leak Was

Comments Filter:
  • by oldgraybeard ( 2939809 ) on Thursday October 20, 2022 @12:41PM (#62983517)
    "How Big Its Customer Data Leak Was" wonder which Data Leak their talking about?
  • by StormReaver ( 59959 ) on Thursday October 20, 2022 @02:39PM (#62983871)

    There seems to be no end to the gamble companies will take with Cloud services. Some people never learn. Over 65,000 companies compromised due to ONE SERVER being misconfigured. There is no other circumstance in which so many companies can potentially be destroyed by a single server except for Cloud Computing.

    This whole thing is insane in the widespread incompetence of so many disparate companies handing over the keys of their kingdoms to another highly incompetent entity. It's just mind-boggling how willing so many companies are to gamble with the futures of so many people.

    • by Hank21 ( 6290732 )
      The alternative of "rolling your own" and keeping up with security updates and compliance and new tech requirements etc. etc... is just too much for more and more smaller shops. I mean if you're a 10 person shop, securely maintaining a stack that can handle collaboration, email and so on is just to costly. I don't like it, but that's where we're at. And before anyone starts mentioning open source alternatives - most of the good ones that come close to offering decent features have all sold out and gone
  • by ScooterComputer ( 10306 ) on Thursday October 20, 2022 @02:40PM (#62983879)

    Hmmmmma year or so ago I reported to Microsoft security that I'd gotten a spam email (for an AMEX card) to a unique email address that I'd ONLY used when communicating with Microsoft for one of my clients that would have been "'interactions between Microsoft and prospective customers,' including around the planning and implementation of Microsoft services." They were pretty insistent it wasn't a breach on their side, which was completely impossible, since the address was completely unique (and not guessable). Guess I know differently now! Wonder how long this exposed??

  • It's not about the severity of the leak but the height of the fine that Microsoft needs to pay.

You are always doing something marginal when the boss drops by your desk.

Working...