The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. Since sensitive data is everywhere, we recommend looking for a multicloud, multi-platform solution that enables you to leverage automation. In total, SOCRadar claims it was able to link this sensitive information to more than 65,000 entities from 111 countries, stored in files dated from 2017 to August 2022. In April 2019, Microsoft announced that hackers had acquired a customer support agent's credentials, giving them access to some webmail accounts, including @outlook.com, @msn.com, and @hotmail.com accounts, between January 1, 2019, and March 28, 2019. This is much easier with support for sensitive data types that can identify data using built-in or custom regular expressions or functions. "More importantly, we are disappointed that SOCRadar has chosen to release publicly a 'search tool' that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk," Microsoft added in its response. According to a post today by the Microsoft Security Response Center, the breach related to a misconfigured Microsoft endpoint that was detected by security researchers at SOCRadar Cyber Intelligence Inc. on Sept. 24. The cloud is nothing more than a tool, not the be-all-end-all digital savior that it's marketed as and that many believe it to be. In it, they asserted that no customer data had been compromised; per Microsoft's description, only a single account was hijacked, and the company's security team was able to stop the attack before Lapsus$ could infiltrate any deeper into their organization. Many feel that a simple warning in technical documentation isn't sufficient, potentially putting part of the blame on Microsoft. Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm SOCRadar.
The hacker was charging the equivalent of less than $1 for the full trove of information. They also said they had secured the endpoint and notified the accounts that had been compromised, and elaborated that they found no evidence customer accounts had actually been compromised, only exposed. August 25, 2021 11:53 am EDT. For instance, you may collect personal data from customers who want to learn more about your services. November 16, 2022. Microsoft (MSFT) has confirmed it was breached by the hacker group Lapsus$, adding to the cyber gang's growing list of victims. Threat intelligence firm SOCRadar reported that a Microsoft customer data breach affected hundreds of thousands of users from thousands of entities worldwide. Overall, it's believed that less than 1,000 machines were impacted. Among the targeted SolarWinds customers was Microsoft. In this case, Microsoft was wholly responsible for the data leak. Microsoft is investigating claims that an extortion-focused hacking group that previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal . In 2022, it took an average of 277 days (about 9 months) to identify and contain a breach. A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services. Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. SOCRadar said the exposed data belonged to Microsoft and it totaled 2.4 TB of files collected between 2017 and August 2022. And you don't want to delete data too quickly and put your organization at risk of regulatory violations. For the 2022 report, Allianz gathered insights from 2,650 risk management experts from 89 countries and territories.
Neiman Marcus: In October, Neiman Marcus made a data breach that occurred in May 2020 public. The threat intel company added that, from its analysis, the leaked data "includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property." Redmond added that the leak was caused by the "unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem" and not due to a security vulnerability. Microsoft has confirmed that the hacker group Lapsus$ breached its security system, after the digital extortion gang claimed credit earlier this week. Since dozens of organizations, including American Airlines, Ford Motor Co., and the New York Metropolitan Transportation Authority, were involved, the nature of the exposed data varied. Some records contained highly sensitive personal information, such as full names, birth dates, Social Security numbers, addresses, and demographic details. Microsoft did not say how many potential customers were exposed by the misconfiguration, but in a separate post, SOCRadar, which describes the exposure as BlueBleed, puts the figure at more than 65,000. Once within the system, attackers could also view, alter, or remove data, create new user accounts, and more. After several rounds of layoffs, Twitter's staff is down from . Once the hackers could access customer networks, they could use customer systems to launch new attacks. "This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand," Kron added. We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. BlueBleed discovered 2.4TB of data, including 335,000 emails, 133,000 projects, and 584,000 exposed users, according to a report on Bleeping Computer.
Whether the first six months of 2022 have felt interminable or fleeting, or both, massive hacks, data breaches, digital scams, and ransomware attacks continued apace throughout the first half of . Ultimately, the responsibility of preventing accidental data exposure falls on the Chief Information Security Officer (CISO) and Chief Data Officer. So, tell me Mr. & Mrs. Microsoft, would there be any chance at all that you may in fact communicate with your customer base? Exposed data included names, email addresses, email content, company name and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. Microsoft was alerted by security researchers at SOCRadar about a misconfigured endpoint that had exposed some customer information. A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. The database wasn't properly password-protected for approximately one month (December 5, 2019, through December 31, 2019), making the details accessible to anyone with a web browser who managed to connect to the database. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking. Learn how Rabobank, Fannie Mae, and Ernst & Young maximized their existing Microsoft 365 subscriptions to gain integrated data loss prevention and information protection. The tech giant said it quickly addressed the issue and notified impacted customers. Leveraging security products that enable auto-labeling of sensitive data across an enterprise is one method, among several, that helps overcome these data challenges.
The exposed data includes, for example, emails from US .gov, talking about O365 projects, money, etc. I found this not via SOCRadar; it's cached. Microsoft said that it does not believe that any data was improperly accessed prior to correcting the security flaw. The company revealed that information that may have been exposed as a result of the breach includes names, email addresses, email content, company name, phone numbers, and other attached files, but Microsoft stopped short of revealing how many entities were impacted. After digging deeper, the specialist noticed more unexpected activities, including requests relating to specific emails and for confidential files. Threat intelligence firm SOCRadar revealed on Wednesday that it has identified many misconfigured cloud storage systems, including six large buckets that stored information associated with 150,000 companies across 123 countries. Security breaches are very costly. Patrick O'Connor, CISSP, CEH, MBCS takes a look at significant security incidents in 2022 so far: some new enemies, some new weaknesses, but mostly the usual suspects. In a year of global inflation and massive rises in energy costs, it should come as no surprise that the cost of a data breach has also reached . "Threat actors who may have accessed the bucket may use this information in different forms for extortion, blackmailing, creating social engineering tactics with the help of exposed information, or simply selling the information to the highest bidder on the dark web and Telegram channels," SOCRadar warned. The 10 Biggest Data Breaches Of 2022. The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. On March 20, 2022, the hacker group Lapsus$ posted a screenshot to their Telegram channel indicating that they had breached Microsoft.
A misconfigured Microsoft endpoint resulted in the potential for unauthenticated access to some business transaction data. $1.12M: average savings from containing a data breach in 200 days or less. Key cost factors: ransomware attacks grew and destructive attacks got costlier. Besides what was found inside Microsoft's misconfigured server, BlueBleed also allows searching for data collected from five other public storage buckets. In November 2016, word of pervasive spam messages coming from Microsoft Skype accounts broke. Additionally, it wasn't immediately clear who was responsible for the various attacks. When an unharmed machine attempted to apply a Microsoft update, the request was intercepted before reaching the Microsoft update server. On March 22, Microsoft issued a statement confirming that the attacks had occurred. Mainly, this is because the resulting hacks weren't all administered by a single group for one purpose. "Due to persistent pressure from Microsoft, we even have to take down our query page today." (RTTNews) - Personal data of 38 million users were accidentally leaked due to a fault in Microsoft's (MSFT) Power Apps . If you have been impacted by this potential data breach, you will receive details and instructions from Microsoft. He has six years of experience in online publishing and marketing. A cybercriminal gang, Lapsus$, managed to breach some of the largest tech companies in the world, including Samsung, Ubisoft, and most recently, Microsoft Bing. The proposed Securities and Exchange Commission rule creates new reporting obligations for United States publicly traded companies to disclose cybersecurity incidents, risk management, policies, and governance. Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. For data classification, we advise enforcing a plan through technology rather than relying on users.
A hacking group known as the Xbox Underground repeatedly hacked Microsoft systems between 2011 and 2013. The main concern is that the data could make the customers prime targets for scammers, as it would make it easier for them to impersonate Microsoft support personnel. The business transaction data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. The data classification process involves determining data's sensitivity and business impact so you can knowledgeably assess the risks. Microsoft uses the following classifications: Identifying data at scale is a major challenge, as is enforcing a process so employees manually mark documents as sensitive. Trainable classifiers identify sensitive data using data examples. Eduard holds a bachelor's degree in industrial informatics and a master's degree in computer techniques applied in electrical engineering. Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding. Below, you'll find a full timeline of Microsoft data breaches and security incidents, starting with the most recent. Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies. (Joshua Goldfarb) Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek.
While Microsoft refrained from providing any additional details regarding this data leak, SOCRadar revealed in a blog post published today that the data was stored on misconfigured Azure Blob Storage. Additionally, Microsoft took issue with the way that SOCRadar researchers handled their discovery of the breach by using a search tool to try to connect the data. Almost 70,000 patients had their personal data compromised in a recent breach of Kaiser Permanente.
The hacker gained access to the personal data through an employee's email that contained sensitive information including patient names, medical information, and test results. In a lengthy blog post, Microsoft's security team described Lapsus$ as a large-scale social engineering and extortion campaign against multiple organizations, with some seeing evidence of destructive elements. They go on to describe the group's tactics in great detail, indicating that Microsoft had been studying Lapsus$ carefully before the incident occurred. A sophisticated attack on Microsoft Corp.'s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before . "On September 24, 2022, SOCRadar's built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider," SOCRadar said. A late 2022 theft of LastPass's decrypted password vaults has been tracked to one of the company's DevOps engineers, as attackers reportedly targeted a vulnerability in a media software package on the employee's home computer. A representative for LinkedIn reported to Business Insider that this data was scraped from publicly available data on the platform. Also, consider standing access (identity governance) versus protecting files.
Per SOCRadar's analysis, these files contain customer emails, SOW documents, product offers, POC (Proof of Concept) works, partner ecosystem details, invoices, project details, customer product price lists, POE documents, product orders, signed customer documents, internal comments for customers, sales strategies, and customer asset documents. Microsoft is another large enterprise that suffered two major breaches in 2022. Hackers also had access relating to Gmail users. The average cost of a data breach in 2022 was $4.35 million, a 2.6% rise from the 2021 figure of $4.24 million. Among the company's products is an IT performance monitoring system called Orion. In Microsoft's server alone, SOCRadar claims to have found 2.4 TB of data containing sensitive information, with more than 335,000 emails, 133,000 projects, and 548,000 exposed users discovered while analyzing the leaked files until now. Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. A security lapse left an Azure endpoint available for unauthenticated access in the incident, termed "BlueBleed." In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. Data Breach Response: Microsoft determines appropriate priority and severity levels of a breach by investigating the functional impact, recoverability, and information impact of the incident. It's being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of Many Breaches, contains more than 3.2 billion unique pairs of cleartext emails and passwords.
The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of. The details, which included names, gamer tags, birthdays, and emails, were accidentally published online and not accessed via a hack. Microsoft confirmed that a misconfigured system may have exposed customer data. In July 2021, the Biden administration, along with the FBI, accused China of the data breach. The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords. On March 20, 2022, the infamous hacker group Lapsus$ announced that they had successfully breached Microsoft. The security firm noted that while Microsoft might have taken swift action on fixing the misconfigured server, its research was able to connect the 65,000 entities uncovered to file data composed between 2017 and 2022, according to Bleeping Computer. One day companies are going to figure out just how bad a decision it was to move everything to and become dependent on a cloud. In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note. As the specialist looked for more details regarding what was happening, more hacking activity was uncovered. March 16, 2022. Microsoft Digital Defense Report 2022: Illuminating the threat landscape and empowering a digital defense. Scans for data will pick up those surprise storage locations. The screenshot was taken within Azure DevOps, a collaboration software created by Microsoft, and indicated that Bing, Cortana, and other projects had been compromised in the breach.
When considering plan protections, ask: Who can access the data? He graduated from the University of Virginia with a degree in English and History. "The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability," Microsoft explained. Back in December, the company shared a statement confirming . "On this query page, companies can see whether their data is published anonymously in any open buckets." Overall, Flame was highly targeted, limiting its spread. Some solution providers divorce productivity and compliance and try to merely bolt on data protection. However, it would have been nice to see more transparency from Microsoft about the severity of the breach and how many people may have been impacted, especially in light of the data that SOCRadar was able to collect. From the article: According to the newest breach statistics from the Identity Theft Research Center, the number of victims . A post in M365 Admin Center, ignoring regulators and telling acct managers to blow off customers ain't going to cut it. In one of the broadest security incidents involving Microsoft, four zero-day vulnerabilities led to widespread hacking attempts targeting Microsoft Exchange Servers. The extent of the breach wasn't fully disclosed to the public, though former Microsoft employees did state that the database contained descriptions of existing vulnerabilities in Microsoft software, including Windows operating systems. Data leakage protection is a fast-emerging need in the industry. Upon being notified of the misconfiguration, the endpoint was secured.
"We are highly disappointed about MSRC's comments and accusations after all the cooperation and support provided by us that absolutely prevented the global cyber disaster." These buckets, which the firm has dubbed BlueBleed, included a misconfigured Azure Blob Storage instance allegedly containing information on more than 65,000 entities in 111 countries. Update October 20, 08:15 EDT: Added SOCRadar statement and info on a notification pushed by Microsoft through the M365 admin center on October 4th. At the time, the cache was one of the largest ever uncovered, and only came to light when a Russian hacker discussed the collected data on an online forum. As Microsoft continued to investigate activities relating to the SolarWinds hackers, which Microsoft dubbed Nobelium, it determined that additional systems had been compromised by the attackers. SOCRadar's data leak search portal is named BlueBleed and it allows companies to find out if their sensitive info was also exposed with the leaked data. For instance, an employee may have stored a customer's SSN in an unprotected Microsoft 365 site or third-party cloud without your knowledge. Furthermore, Redmond said that SOCRadar's decision to collect the data and make it searchable using a dedicated search portal "is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk." Many people are justifiably worried about their personal information being stolen or viewed, including bank records, credit card info, and browser or login history. "Additionally, we found that no customer accounts and systems were compromised due to unrestricted access."