Following this SOCRadar shared its finding with the company on September 24, revealing that its Azure Blob Storage was compromised and exposed 2.4TB of data. This data included names, phone numbers, email addresses, company names, attached proprietary information, documents etc. Microsoft also released a statement saying that it has secured the compromised segment. “This endpoint is now only accessible with required authentication and an investigation found no indication customer accounts or systems were compromised.” While Microsoft looked quite positive, SOCRadar made BlueBlees Searchy Portal available to Microsoft customers to check whether they are affected or not. No doubt, Microsoft took swift action to fix the affected sever but 65,000 entities were already uncovered during the time span of 2017 to 2022. However, Microsoft is not happy about SOCRadar handling this breach. It also said that: “encouraging entities to use its search tool is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.” In replying to this, the research team said that they have not violated any privacy protocols and not a single information is uncovered at their end. In this instance, SOCRadar VP of Research and CISO Ensar Şeker said: “No data was downloaded. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems,” We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. Search can be done via metadata (company name, domain name, and email). Due to persistent pressure from Microsoft, we even have to take down our query page today,” Hats off to SOCRadar for making us aware of this since Microsoft itself has not shared any information on it till now. Also Read: Microsoft challenges Apple and Google to build its gaming store
