Microsoft has confirmed one of its own misconfigured cloud systems led to customer information being exposed to the internet, though it disputes the extent of the leak.
In a revelation this week, Microsoft’s Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 about a misconfigured endpoint that exposed business transaction data related to interactions between Microsoft and its customers.
The information included planned use or potential implementation and provisioning of Microsoft services, according to MSRC. Once notified, Microsoft secured its endpoint, which now can only be accessed through appropriate authentication. To be clear: Microsoft screwed up the configuration of a storage system in its own cloud, revealing customer information it was supposed to keep private.
Read more…
Source: The Register