"Microsoft Customer Data Exposed by Misconfigured Server"

A misconfigured server exposed sensitive information for some Microsoft customers, according to the Microsoft Security Response Center. The misconfigured endpoint could have been accessed over the Internet and did not require authentication. According to the company, the exposed data included names, email addresses, email content, company names, phone numbers, and files relating to business between a customer and Microsoft or an authorized Microsoft partner. The endpoint has already been secured to require authentication, and customers who have been affected have been notified. This misconfiguration allowed unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services, according to Microsoft, which added that no customer accounts or systems were compromised. A research team at SOCRadar informed Microsoft of the misconfiguration on September 24. SOCRadar claimed to have discovered 2.4TB of emails and project files containing Statement of Work (SOW) documents, product orders, project details, Personally Identifiable Information (PII), invoices, price lists, and "documents that may reveal intellectual property." According to the researchers, the exposed data could be linked to over 65,000 entities from 111 countries. This article continues to discuss the exposure of Microsoft customer data due to a misconfigured server. 

Dark Reading reports "Microsoft Customer Data Exposed by Misconfigured Server"