Lakeside House, Quarry Lane, Chichester PO19 8NY

hello@lms.group

Microsoft confirms server misconfiguration

This week Microsoft confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet without any authentication.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," said Microsoft.

Microsoft also emphasized that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability."

Microsoft did not reveal the scale of the data leak, but according to other sources, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

There is no evidence that the information was improperly accessed by threat actors prior to the disclosure, but such leaks could be exploited for malicious purposes such as extortion, social engineering attacks, or a quick profit.

If you have yet to put a robust cyber security plan in place, please get in touch with our cyber security experts on 0330 088 2565 or visit our contact us page.

Visit LMS Group HQ