Microsoft Storage Location Exposes Customers’ Information

Critical data belonging to Microsoft clients was exposed due to a storage server configuration error, according to Microsoft Corporation. According to the investigation, the misconfiguration permitted unauthorized access to some business transaction data from interactions between Microsoft and customers, including the planning and provisioning of client services.

The international IT company secured its server after receiving the alert. The exposed information includes names, email addresses, email contents, company names, phone numbers, and business documents exchanged between the affected clients and Microsoft or an approved Microsoft partner. Customer accounts and systems were not affected by this exposure. The company added that the leak was caused by an inadvertent configuration error on an endpoint that was not in use in its environment, not by a security vulnerability.

Microsoft recommends that any security company that wants to provide a similar tool follow these basic measures to enable data protection and privacy:

  1. To implement a reasonable verification system to ensure that a user is who they purport to be;
  2. To follow data minimization principles by scoping the results delivered solely to information pertaining to that verified user;
  3. Where that company is not in a position to determine with reasonable fidelity which customers had affected data, to not then surface to a given user information (including metadata/filenames) that may belong to another customer.
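
The three measures above, sketched as a lookup over an exposure index. This is an added example, not code from Microsoft or from any real tool; the secret, the index records, the `.example` domains, and the choice to scope results by verified email domain are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: server-side secret used to sign email-verification tokens.
SECRET = b"constructed-demo-secret"

# Constructed sample index. owner_domains holds every customer the indexer
# could attribute a file to; an empty set means ownership is undetermined.
INDEX = [
    {"file": "sow-contoso.docx", "owner_domains": {"contoso.example"}},
    {"file": "quote-fabrikam.pdf", "owner_domains": {"fabrikam.example"}},
    {"file": "joint-plan.xlsx",
     "owner_domains": {"contoso.example", "fabrikam.example"}},
    {"file": "scan-0041.pdf", "owner_domains": set()},
]


def issue_token(email):
    """Token mailed to the address itself; holding it shows control of the mailbox."""
    return hmac.new(SECRET, email.lower().encode(), hashlib.sha256).hexdigest()


def verified_domain(email, token):
    """Measure 1: return the domain only if the token matches the address."""
    if "@" not in email:
        return None
    expected = issue_token(email).encode()
    if not hmac.compare_digest(expected, token.encode()):
        return None
    return email.lower().rsplit("@", 1)[1]


def lookup(email, token):
    """Measures 2 and 3: scope results to the verified user, withhold the rest."""
    domain = verified_domain(email, token)
    if domain is None:
        raise PermissionError("identity not verified")
    # Surface a record only when it is attributed to exactly this customer.
    # Shared or undetermined ownership is withheld, filename included.
    return [r["file"] for r in INDEX if r["owner_domains"] == {domain}]
```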

Source

https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/

May 21st, 2024

ISO 27002:2022