(RTTNews) - Personal data of 38 million users were accidentally leaked due to a fault in Microsoft's (MSFT) Power Apps. Microsoft acknowledged the data leak in a blog post. Then, Flame returned a malicious executable file featuring a rogue certificate, causing the uninfected machine to download malware. Amanda Silberling. However, it required active steps on the part of the user and wasn't applied by Microsoft automatically. The business transaction data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. With information from the database, attackers could create tools to break into systems by exploring the vulnerabilities, potentially allowing them to target hundreds of millions of computers. In a blog post late Tuesday, Microsoft said Lapsus$ had. That allowed them to install a keylogger onto the computer of a senior engineer at the company. It all began in August 2022, when LastPass revealed that a threat actor had stolen the app's source code. "More importantly, we are disappointed that SOCRadar has chosen to release publicly a 'search tool' that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk," Microsoft added in its response. What Was the Breach? The yearly average data breach cost increased the most between the years 2020 and 2021 - a spike likely influenced by the COVID-19 pandemic. Attackers gained access to the SolarWinds system, giving them the ability to use software build features. The research firm insists that it has not overstepped any privacy protocols in its work and none of the information it uncovered was saved on its end.
A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Exposed data included names, email addresses, email content, company name and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. January 17, 2022. Learn how Rabobank, Fannie Mae, and Ernst & Young maximized their existing Microsoft 365 subscriptions to gain integrated data loss prevention and information protection. Microsoft Corp. today revealed details of a server misconfiguration that may have compromised the data of some potential customers in September. Overall, it's believed that less than 1,000 machines were impacted. Creating the rogue certificate involved exploiting the algorithm Microsoft used to set up remote desktops on systems, allowing code to be crafted that appeared to come from Microsoft. The victim was reportedly one of only four employees at the company that had access to a shared folder that provided the keys to customer vaults. In a revelation this week, Microsoft's Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24. So, tell me Mr. & Mrs. Microsoft, would there be any chance at all that you may in fact communicate with your customer base? The company learned about the misconfiguration on September 24 and secured the endpoint. On March 20, 2022, the infamous hacker group Lapsus$ announced that they had successfully breached Microsoft. The screenshot posted to their Telegram channel showed that Bing, Cortana, and other projects had been compromised in the attack. How can the data be used?
"Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users," Microsoft said. Retardistan is by far the largest provider of tools to keep our youth memerised, so take a break sit back and think about what would be good for our communities and not just for your hip pocket. Where should the data live and where shouldnt it live? Hey Sergiu, do you have a CVE for this so I can read further on the exposure? Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. Sarah Tew/CNET. 4 Work Trend Index 2022, Microsoft. It can be overridden too so it doesnt get in the way of the business. "We've confirmed that the endpoint has been secured as of Saturday, September 24, 2022, and it is now only accessible with required authentication," Microsoft said. Lets look at four of the biggest challenges of sensitive data and strategies for protecting it. "On September 24, 2022, SOCRadar's built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider," SOCRadarsaid. After all, people are busy, can overlook things, or make errors. In April 2019, Microsoft announced that hackers had acquired a customer support agents credentials, giving them access to some webmail accounts including @outlook.com, @msn.com, and @hotmail.com accounts between January 1, 2019, and March 28, 2019. Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar. 
November 7, 2022: ISO 27017 Statement of Applicability Certificate: A.16.1: Management of information security incidents and improvements: November 7, 2022: ISO 27018 Statement of Applicability Certificate: A.9.1: Notification of a data breach involving PII: November 7, 2022: SOC 1: IM-1: Incident management framework IM-2: Detection mechanisms. After SOCRadar flagged a Microsoft data breach at the end of October, the company confirmed that a server misconfiguration had caused 65,000+ companies' data to be leaked. On March 20th 2022, the Lapsus$ group shared a snapshot to its Telegram channel showing that they have breached Microsoft. One thing is clear, the threat isn't going away. "Our investigation did not find indicators of compromise of the exposed storage location." We've compiled 98 data breach statistics for 2022 that also cover types of data breaches, industry-specific stats, risks, costs, as well as data breach defense and prevention resources. The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks. UPDATED 19:31 EST / OCTOBER 19 2022 SECURITY Microsoft data breach in September may have exposed customer information by Duncan Riley Microsoft Corp. today revealed details of a server. The most recent Microsoft breach occurred in October 2022, when data on over 548,000 users was found on a misconfigured server. If hackers gained access to that Skype password, they could effectively bypass the two-factor authentication, giving them access. Microsoft did not say how many potential customers were exposed by the misconfiguration, but in a separate post, SOCRadar, which describes the exposure as BlueBleed, puts the figure at more than 65,000. April 2022: Kaiser Permanente. Once within the system, attackers could also view, alter, or remove data, create new user accounts, and more.
", Furthermore, Redmond said that SOCRadar's decision to collect the data and make it searchable using a dedicated search portal "is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk. Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. Microsoft is facing criticism for the way it disclosed a recent security lapse that exposed what a security company said was 2.4 terabytes of data that included signed invoices and contracts . Thu 20 Oct 2022 // 15:00 UTC. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. Today's tech news, curated and condensed for your inbox. A misconfigured Microsoft endpoint resulted in the potential for unauthenticated access to some business transaction data. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. A threat group calling itself Lapsus$ announced recently that it had gained access to the source code of Microsoft products such as Bing and Cortana. 2. Apples security trumps Microsoft and Twitters, say feds, LastPass reveals how it got hacked and its not good news, A beginners guide to Tor: How to navigate the underground internet. Microsoft was alerted by security researchers at SOCRadar about a misconfigured endpoint that had exposed some customer information. A late 2022 theft of LastPass's decrypted password vaults has been tracked to one of the company's DevOps engineers, as attackers reportedly targeted a vulnerability in a media software package on the employee's home computer. 
The tech giant has thanked SOCRadar, but it's not happy with the company's blog post, claiming that it greatly exaggerates the scope of the issue and the numbers involved. In recent years under the leadership of CEO Satya Nadella, Microsoft made data security and privacy practices central pillars of its operations, so it is refreshing to see the company take swift action to correct the security flaw. 2 Risk-based access policies, Microsoft Learn. In a year of global inflation and massive rises in energy costs, it should come as no surprise that the cost of a data breach has also reached . A sophisticated attack on Microsoft Corp.'s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before . If you're looking for more privacy while browsing, Tor is a good way to do that, as it is software that allows users to browse the web anonymously. October 20, 2022. The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online thanks to a database misconfiguration. The researchers have dubbed the incident "BlueBleed." In March 2022, the group posted a torrent file online containing partial source code from . The vulnerability allowed attackers to gain the same access privileges as an authorized user with administrative rights, giving the hackers the ability to take complete control of an impacted system. As Microsoft continued to investigate activities relating to the SolarWinds hackers, which Microsoft dubbed Nobelium, it determined that additional systems had been compromised by the attackers. They also can diminish the trust of those who become the victims of identity theft, credit card fraud, or other malicious activities as a result of those breaches. "We redirect all our customers to MSRC if they want to see the original data.
6 Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt, Ryan Browne, CNBC. In October 2017, word broke that an internal database Microsoft used to track bugs within Microsoft products and software was compromised back in 2013. As the specialist looked for more details regarding what was happening, more hacking activity was uncovered. In July 2021, the Biden administration, along with the FBI, accused China of the data breach. While Microsoft refrained from providing any additional details regarding this data leak, SOCRadar revealed in a blog post published today that the data was stored on misconfigured Azure Blob Storage. Data governance ensures that your data is discoverable, accurate, trusted, and can be protected. Some solution providers divorce productivity and compliance and try to merely bolt-on data protection. Microsoft is investigating claims that an extortion-focused hacking group that previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal . Though Microsoft would not reveal how many people were impacted, SOCRadar researchers claimed that 65,000 entities across 111 countries may have had their data compromised, which includes. Once the hackers could access customer networks, they could use customer systems to launch new attacks. 5 The future of compliance and data governance is here: Introducing Microsoft Purview, Alym Rayani. In March 2013, nearly 3,000 Xbox Live users had their credentials exposed after participating in a poll and entering a prize draw. Organizations can face big financial or legal consequences from violating laws or requirements. According to the newest breach statistics from the Identity Theft Research Center, the number of victims .
The company revealed that information that may have been exposed as a result of the breach includes names, email addresses, email content, company name, phone numbers, and other attached files, but Microsoft stopped short of revealing how many entities were impacted. Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place. In 2020, Equifax was made to pay further settlements relating to the breach: $7.75 million (plus $2 million in legal fees) to financial institutions in the US plus $18.2 million and $19.5 million . However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. The exposed information allegedly included over 335,000 emails, 133,000 projects, and 548,000 users. (Matt Wilson), While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in a self-service manner are becoming increasingly popular. Azure and Breach Notification under the GDPR further details how Microsoft investigates, manages, and responds to security incidents within Azure. Dubbed BlueBleed Part 1, the Microsoft data leak exposed at least 2.4 terabytes of sensitive data belonging to 65,000 entities in 111 countries. The flaws in Cosmos DB created a functional loophole, enabling any user to access a slew of databases and download, alter, or delete information contained therein. Common types of sensitive data include credit card numbers, personally identifiable information (PII) like a home address and date of birth, Social Security Numbers (SSNs), corporate intellectual property (IP) like product schematics, protected health information (PHI), and medical record information that could be used to identify an individual.
"Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint," Microsoft wrote in a detailed security response blog post (opens in new tab). Bookmark theSecurity blogto keep up with our expert coverage on security matters. ..Emnjoy. Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Click here to join the free and open Startup Showcase event. The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shors algorithm to crack PKI encryption. Below, youll find a full timeline of Microsoft data breaches and security incidents, starting with the most recent. Due to persistent pressure from Microsoft, we even have to take down our query page today. Microsoft admits a storage misconfiguation, data tracker leads to a data breach at a second US hospital chain, and more. Microsoft has confirmed one of its own misconfigured cloud systems led to customer information being exposed to the internet, though it disputes the extent of the leak. The misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provision of Microsoft services. (Marc Solomon), History has shown that when it comes to ransomware, organizations cannot let their guards down. Attackers typically install a backdoor that allows the attacker . Microsoft, one of the world's largest technology companies, suffered a serious security breach in March 2022. Redmond added that the leak was caused by the "unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem" and not due to a security vulnerability. 
However, the organizations are ultimately the ones that applied the settings, making them responsible for the leaks, as well. News Corp. News Corp., the publisher of the Wall Street Journal and a range of global media outlets, said in a securities filing that it was hit by a cyberattack in January 2022 and that some data . According to a Microsoft 365 Admin Center alert regarding this data breach published on October 4, 2022, Microsoft is "unable to provide the specific affected data from this issue." The data included information such as email addresses and phone numbers, all the more reason to keep sensitive details from public profiles. Instead of finding these breaches out by landing on a page by accident or not, is quite concerning. The company secured the server after being. February 21, 2023. 3. Several members of the group were later indicted, and one member, David Pokora, became the first foreign hacker to ever receive a sentence on U.S. soil. While some of the data that may have been accessed seem trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers, Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. 1 Cost of a Data Breach Report 2021, Ponemon Institute, IBM. "The leaked data does not belong to us, so we keep no data at all," Seker told Bleeping Computer, noting that his company was disappointed with Microsoft's accusations. As a result, the impact on individual companies varied greatly.
The database contained records collected dating back as far as 2005 and as recently as December 2019. News Corp asserted that no customer data was stolen during the breach, and that the company's everyday work wasn't hindered. SOCRadar described it as one of the most significant B2B leaks. The Most Recent Data Breaches And Security Breaches 2021 To 2022 Jason Wise Published on: July 26, 2022 Last Updated: January 16, 2023 Fact Checked by Marley Swindells In this blog, we will be discussing the most recent data breaches and security breaches and other relevant information. Lapsus$ Group's Extortion Rampage. Microsoft also disputed some key details of SOCRadar's findings: After reviewing their blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue. They were researching the system and discovered various vulnerabilities relating to Cosmos DB, the Azure database service. For their part, Lapsus$ has repeatedly stated that their motivations are purely financial: Remember: The only goal is money, our reasons are not political. They appear to exploit insider threats, and recently posted a notice asking tech workers to compromise their employers. A cybercriminal gang, Lapsus$, managed to breach some of the largest tech companies in the world - including Samsung, Ubisoft, and most recently, Microsoft Bing. Almost 2,000 data breaches reported for the first half of 2022. by Lance Whitney in Security. New York CNN Business. This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand, Kron added. The breach . The IT giant confirmed by stating that the hacker obtained "limited access" from one account, which Lapsus$ compromised.
SOCRadar said the exposed data belonged to Microsoft and it totaled 2.4 Tb of files collected between 2017 and August 2022. In 2021, the number of data breaches climbed 68 percent to 1,862 (the highest in 17 years) with an average cost of USD4.24 million each.1 About 45 million people were impacted by healthcare data breaches alone, triple the number impacted just three years earlier.2 In August 2021, security professionals at Wiz announced that they were able to access customer databases and accounts housed on Microsoft Azure, a cloud-based computing platform, including records and data relating to many Fortune 500 companies. UPDATED 13:14 EST / MARCH 22 2022 SECURITY Okta and Microsoft breached by Lapsus$ hacking group by Maria Deutscher The Lapsus$ hacking group has carried out cyberattacks against Okta Inc.. In April 2021, personal data on over 500 million LinkedIn users was posted for sale on a hacker forum. In February 2022, News Corp admitted server breaches way back to February 2020. Microsoft is another large enterprise that suffered two major breaches in 2022. "We are highly disappointed about MSRC's comments and accusations after all the cooperation and support provided by us that absolutely prevented the global cyber disaster." After classifying data as confidential or highly confidential, you must protect it against exposure to nefarious actors. Data Breach Response: Microsoft determines appropriate priority and severity levels of a breach by investigating the functional impact, recoverability, and information impact of the incident. 43. The company said the leak included proof-of-execution (PoE) and statement of work (SoW) documents, user information, product orders and offers, project details, and personal information. Bako Diagnostics' services cover more than 250 million individuals. Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity.
October 2022: 548,000+ Users Exposed in BlueBleed Data Leak. The messages were being sent through compromised accounts, including users that signed up for Microsoft's two-factor authentication. Learn four must-haves for multicloud data protection, including how an integrated solution provides greater scalability and protection across your multicloud and hybrid environment. 2 Cyberattacks Against Health Plans, Business Associates Increase, Jill McKeon, HealthITSecurity xtelligent Healthcare Media. By SOCRadar's account, this data pertained to over 65,000 companies and 548,000 users, and included customer emails, project information, and signed documents. Data Breaches. Also, consider standing access (identity governance) versus protecting files. To abide by the data minimization principle, once the data is no longer serving its purpose, it must be deleted. Microsoft Digital Defense Report 2022 Illuminating the threat landscape and empowering a digital defense. SolarWinds is a major software company based in Tulsa, Okla., which provides system management tools for network and infrastructure monitoring, and other technical services to hundreds of thousands of organizations around the world. > Redmond added that the leak was caused by the "unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem" and *not due to a security vulnerability.* In July 2021, the Biden administration and some U.S. allies formally stated that they believed China was to blame. "Our investigation found no indication customer accounts or systems were compromised."
Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft's verified publisher status. Microsoft followed suit and named a Chinese state-sponsored hacker group, Hafnium, as the culprit behind the attack. Among the company's products is an IT performance monitoring system called Orion. Additionally, it wasn't immediately clear who was responsible for the various attacks. In May 2016, security experts discovered a data cache featuring 272.3 million stolen account credentials. The only way to ensure that your sensitive data is stored properly is with a thorough data discovery process. The tech giant announced in June 2021 that it found malware designed to steal information on a customer support agent's computer, potentially allowing the hackers to access basic account information on a limited number of customers. Learn more about how to protect sensitive data. Mainly, this is because the resulting hacks weren't all administered by a single group for one purpose. They are accountable for protecting information and sharing data via processes and workflows that enable protection, while also not hindering workplace productivity. Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding. Earlier this year, Microsoft, along with other technology firms, made headlines for a series of unrelated breaches as a result of cyber hacking from the Lapsus$ group. Microsoft added today that it believes SOCRadar "greatly exaggerated the scope of this issue" and "the numbers." Jay Fitzgerald. Since sensitive data is everywhere, we recommend looking for a multicloud, multi-platform solution that enables you to leverage automation. That leads right into data classification. Posted: Mar 23, 2022 5:36 am.
Patrick O'Connor, CISSP, CEH, MBCS takes a look at significant security incidents in 2022 so far: some new enemies, some new weaknesses but mostly the usual suspects. The group posted a screenshot on Telegram to. Look for data classification technology solutions that allow auto-labeling, auto-classification, and enforcement of classification across an organization. Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. Upon being notified of the misconfiguration, the endpoint was secured. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking. Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users, Microsoft pointed out. Since dozens of organizations including American Airlines, Ford Motor Co., and the New York Metropolitan Transportation Authority were involved, the nature of the exposed data varied. In June 2012, word of a man-in-the-middle attack that allowed hackers to distribute malware by disguising the malicious code as a genuine Microsoft update emerged. SOCRadar described it as "one of the most significant B2B leaks". In 2021, the effects of ransomware and data breaches were felt by all of us. The company's support team also reportedly told customers who reached out that it would not notify data regulators because "no other notifications are required under GDPR" besides those sent to impacted customers. Microsoft solutions offer audit capability where data can be watched and monitored but doesn't have to be blocked.
Search can be done via metadata (company name, domain name, and email). In Microsoft's server alone, SOCRadar claims to have found 2.4 TB of data containing sensitive information, with more than 335,000 emails, 133,000 projects, and 548,000 exposed users discovered while analyzing the leaked files until now. Through the vulnerabilities, the researchers were able to gain complete access to data, including a selection of databases and some customer account information relating to thousands of accounts. Written by RTTNews.com for RTTNews. He was imprisoned from April 2014 until July 2015. While it's known that the records were publicly accessible, it isn't clear whether the data was actually accessed by cybercriminals.