Hacker group LAPSUS$ - branded DEV-0537 in Microsoft's blog post. Microsoft had been aware of the problem months prior, well before the hacks occurred. In total, SOCRadar claims it was able to link this sensitive information to more than 65,000 entities from 111 countries stored in files dated from 2017 to August 2022. Among the company's products is an IT performance monitoring system called Orion. The extent of the breach wasn't fully disclosed to the public, though former Microsoft employees did state that the database contained descriptions of existing vulnerabilities in Microsoft software, including Windows operating systems. Eduard Kovacs March 23, 2022 Microsoft and Okta have both confirmed suffering data breaches after a cybercrime group announced targeting them, but the companies claim impact is limited. "Threat actors who may have accessed the bucket may use this information in different forms for extortion, blackmailing, creating social engineering tactics with the help of exposed information, or simply selling the information to the highest bidder on the dark web and Telegram channels," SOCRadar warned. The hacker was charging the equivalent of less than $1 for the full trove of information. "No data was downloaded." After digging deeper, the specialist noticed more unexpected activities, including requests relating to specific emails and for confidential files. If hackers gained access to that Skype password, they could effectively bypass the two-factor authentication, giving them access. Microsoft itself has not publicly shared any detailed statistics about the data breach. While the exact number isn't clear, the issue potentially impacted over 30,000 U.S. companies, and as many as 60,000 companies worldwide.
To abide by the data minimization principle, once the data is no longer serving its purpose, it must be deleted. As Microsoft continued to investigate activities relating to the SolarWinds hackers, which Microsoft dubbed Nobelium, it determined that additional systems had been compromised by the attackers. Microsoft stated that a very small number of customers were impacted by the issue. In 2021, the effects of ransomware and data breaches were felt by all of us. Can somebody tell me how much BlueBleed (socradar.io) is trustworthy? Overall, hundreds of users were impacted. However, it's close to impossible to handle manually. "Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint," Microsoft wrote in a detailed security response blog post. (Matt Wilson), While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in a self-service manner are becoming increasingly popular. The exposed information allegedly included over 335,000 emails, 133,000 projects, and 548,000 users. Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. Microsoft has confirmed sensitive information from. However, an external security research firm who reported the issue to Microsoft, confirmed that they had accessed the data as a part of their research and investigation into the issue."
"Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems," SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer. IBM found that the global average cost of a data breach in 2022 was the highest ever since the dawn of conducting these reports. March 3, 2022: Laboratory Bako Diagnostics (BakoDX) confirmed that the company experienced a data breach resulting in the personal and healthcare information of certain consumers being compromised. Learn four must-haves for multicloud data protection, including how an integrated solution provides greater scalability and protection across your multicloud and hybrid environment. One of these fines was related to violating the GDPR's personal data processing requirements. In Microsoft's server alone, SOCRadar claims to have found 2.4 TB of data containing sensitive information, with more than 335,000 emails, 133,000 projects, and 548,000 exposed users discovered while analyzing the leaked files until now. Let's look at four of the biggest challenges of sensitive data and strategies for protecting it. In 2021, the number of data breaches climbed 68 percent to 1,862 (the highest in 17 years) with an average cost of USD4.24 million each.[1] About 45 million people were impacted by healthcare data breaches alone, triple the number impacted just three years earlier.[2] "On this query page, companies can see whether their data is published anonymously in any open buckets." Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. Security breaches are very costly. For data classification, we advise enforcing a plan through technology rather than relying on users. As the specialist looked for more details regarding what was happening, more hacking activity was uncovered.
Considering the potentially costly consequences, how do you protect sensitive data? Kron noted that although cloud services can be very convenient, and if secured properly, also very secure, when a misconfiguration occurs, the information can be exposed to many more potential people than on traditional internal on-premise systems. [3] How to create and assign app protection policies, Microsoft Learn. Data Breaches. In June 2012, word of a man-in-the-middle attack that allowed hackers to distribute malware by disguising the malicious code as a genuine Microsoft update emerged. Microsoft has confirmed it was hacked by the same group that recently targeted Nvidia and Samsung. Also, consider standing access (identity governance) versus protecting files. (Joshua Goldfarb), Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies. Besides what was found inside Microsoft's misconfigured server, BlueBleed also allows searching for data collected from five other public storage buckets. When an unharmed machine attempted to apply a Microsoft update, the request was intercepted before reaching the Microsoft update server. A configuration issue allowed customers to download Offline Address Books which contained business contact information for employees of other users inadvertently. Per SOCRadar's analysis, these files contain customer emails, SOW documents, product offers, POC (Proof of Concept) works, partner ecosystem details, invoices, project details, customer product price list, POE documents, product orders, signed customer documents, internal comments for customers, sales strategies, and customer asset documents. In a blog post late Tuesday, Microsoft said Lapsus$ had.
We've compiled 98 data breach statistics for 2022 that also cover types of data breaches, industry-specific stats, risks, costs, as well as data breach defense and prevention resources. Since sensitive data is everywhere, we recommend looking for a multicloud, multi-platform solution that enables you to leverage automation. The data protection authorities have issued a total of $1.25 billion in fines over breaches of the GDPR since January 28, 2021.[5] If you have been impacted from this potential data breach, you will receive details and instructions from Microsoft. Common types of sensitive data include credit card numbers, personally identifiable information (PII) like a home address and date of birth, Social Security Numbers (SSNs), corporate intellectual property (IP) like product schematics, protected health information (PHI), and medical record information that could be used to identify an individual. The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords. Of an estimated 294 million people hacked in 2021, about 164 million were at risk because of data exposure events, when sensitive data is left vulnerable online.[3] It all began in August 2022, when LastPass revealed that a threat actor had stolen the app's source code. Microsoft added today that it believes SOCRadar "greatly exaggerated the scope of this issue" and "the numbers. The SOCRadar researchers also note that the leaking data on the Azure Blob Storage instance totaled 2.4 terabytes and included proof-of-execution and statement-of-work documents, including some that may reveal intellectual property.
Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. (Marc Solomon), History has shown that when it comes to ransomware, organizations cannot let their guards down. Thu 20 Oct 2022 // 15:00 UTC. This presentation will provide an overview of the security risks associated with SaaS, best practices for mitigating these risks and protecting data, and discuss the importance of regularly reviewing and updating SaaS security practices to ensure ongoing protection of data. SOCRadar said the exposed data belonged to Microsoft and it totaled 2.4 Tb of files collected between 2017 and August 2022. Having been made aware of the breach on September 24, 2022, Microsoft released a statement saying it had secured the compromised endpoint, which is now only accessible with required authentication, and that an investigation found no indication customer accounts or systems were compromised. The misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provision of Microsoft services. VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system. A database containing 250 million Microsoft customer records has been found unsecured and online. A new report reveals that 250 million Microsoft customer records,. In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note. Patrick O'Connor, CISSP, CEH, MBCS takes a look at significant security incidents in 2022 so far: some new enemies, some new weaknesses but mostly the usual suspects.
The flaws in Cosmos DB created a functional loophole, enabling any user to access a slew of databases and download, alter, or delete information contained therein. The data discovery process can surprise organizations, sometimes in unpleasant ways. Why does Tor exist? The Allianz Risk Barometer is an annual report that identifies the top risks for companies over the next 12 months. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking. The most recent Microsoft breach occurred in October 2022, when data on over 548,000 users was found on a misconfigured server. The cost of a data breach in 2022 was $4.35M - a 12.7% increase compared to 2020, when the cost was $3.86M. Like many underground phenomena on the internet, it is poorly understood and shrouded in the sort of technological mysticism that people often ascribe to things like hacking or Bitcoin. While it's known that the records were publicly accessible, it isn't clear whether the data was actually accessed by cybercriminals.
Almost 70,000 patients had their personal data compromised in a recent breach of Kaiser Permanente. Microsoft also took issue with SOCRadar's use of the BlueBleed tool to crawl through servers to figure out what information, if any, may have been exposed as a result of security flaws or breaches. The data included information such as email addresses and phone numbers, all the more reason to keep sensitive details from public profiles. Exposed data included names, email addresses, email content, company name and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak. Oct 21, 2022, Ravie Lakshmanan. Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. They were researching the system and discovered various vulnerabilities relating to Cosmos DB, the Azure database service. Microsoft data breach exposes customers' contact info, emails.
Microsoft disputed SOCRadar's claims and fired back at the researchers stating that their estimations are over-exaggerated. While Microsoft worked quickly to patch the vulnerabilities, securing the systems relied heavily on the server owners. Written by RTTNews.com for RTTNews. The proposed Securities and Exchange Commission rule creates new reporting obligations for United States publicly traded companies to disclose cybersecurity incidents, risk management, policies, and governance. The company secured the server after being.
News Corp asserted that no customer data was stolen during the breach, and that the company's everyday work wasn't hindered. The screenshot posted to their Telegram channel showed that Bing, Cortana, and other projects had been compromised in the attack. "We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error." Organizations can face big financial or legal consequences from violating laws or requirements. [1] Cost of a Data Breach Report 2021, Ponemon Institute, IBM. Microsoft Data Breach. "The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability," Microsoft explained. SOCRadar described it as "one of the most significant B2B leaks". Microsoft confirmed on Wednesday that a misconfigured endpoint exposed data, which the company said was related to business transaction data corresponding to interactions between Microsoft and prospective customers. Azure and Breach Notification under the GDPR further details how Microsoft investigates, manages, and responds to security incidents within Azure. According to Microsoft, the exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner. [2] Risk-based access policies, Microsoft Learn. That allowed them to install a keylogger onto the computer of a senior engineer at the company. Additionally, Microsoft took issue with the way that SOCRadar researchers handled their discovery of the breach by using a search tool to try to connect the data.
Microsoft has not been pleased with SOCRadar's handling of this breach, having stated that encouraging entities to use its search tool "is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk." This is much easier with support for sensitive data types that can identify data using built-in or custom regular expressions or functions. Microsoft uses the following classifications: Identifying data at scale is a major challenge, as is enforcing a process so employees manually mark documents as sensitive. SOCRadar uses its BlueBleed tool to crawl through compromised systems to find out what information can readily be obtainable and accessible by malicious actors. November 16, 2022. Furthermore, Redmond said that SOCRadar's decision to collect the data and make it searchable using a dedicated search portal "is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk." Microsoft (nor does any other cloud vendor) like it when their perfect cloud is exposed for being not so perfect after all. The tech giant has thanked SOCRadar, but it's not happy with the company's blog post, claiming that it greatly exaggerates the scope of the issue and the numbers involved. The yearly average data breach cost increased the most between the years 2020 and 2021 - a spike likely influenced by the COVID-19 pandemic. Ultimately, the responsibility of preventing accidental data exposure falls on the Chief Information Security Officer (CISO) and Chief Data Officer. Numerous government agencies, including the Department of Defense, Department of Homeland Security, Department of Justice, and Federal Aviation Administration, among others, were impacted by the attack.
"We've confirmed that the endpoint has been secured as of Saturday, September 24, 2022, and it is now only accessible with required authentication," Microsoft said. This will make it easier to manage sensitive data in ways to protect it from theft or loss. According to a Microsoft 365 Admin Center alert regarding this data breach published on October 4, 2022, Microsoft is "unable to provide the specific affected data from this issue." Microsoft has criticised security firm SOCRadar for "exaggerating" the extent of the data leak and for making a search tool that allows organisations to see if their data was exposed. Microsoft Digital Defense Report 2022: Illuminating the threat landscape and empowering a digital defense. The company learned about the misconfiguration on September 24 and secured the endpoint. Many people are justifiably worried about their personal information being stolen or viewed, including bank records, credit card info, and browser or login history. New York, CNN Business. Instead, we recommend an approach that integrates data protection into your existing processes to protect sensitive data. Once its system was impacted, additional hacking activity occurred through its systems, allowing the attackers to reach Microsoft customers as a result. Microsoft Breach - March 2022. Many feel that a simple warning in technical documentation isn't sufficient, potentially putting part of the blame on Microsoft. Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. The main concern is that the data could make the customers prime targets for scammers, as it would make it easier for them to impersonate Microsoft support personnel.
Instead of finding these breaches out by landing on a page by accident or not, is quite concerning. Product Source Code Compromised. March 25, 2022 | In News | By admin. Hacker group Lapsus$ had breached Microsoft, and it claimed that they compromised the source code of various Microsoft products. Microsoft confirmed that a misconfigured system may have exposed customer data. Some records contained highly sensitive personal information, such as full names, birth dates, Social Security numbers, addresses, and demographic details. However, News Corp uncovered evidence that emails were stolen from its journalists. Among the targeted SolarWinds customers was Microsoft. But there weren't any other safeguards in place, such as a warning notification inside the software announcing that a system change would make the data public. In it, they asserted that no customer data had been compromised; per Microsoft's description, only a single account was hijacked, and the company's security team was able to stop the attack before Lapsus$ could infiltrate any deeper into their organization. "Due to persistent pressure from Microsoft, we even have to take down our query page today," he added. [4] Allianz Risk Barometer 2022: Cyber perils outrank Covid-19 and broken supply chains as top global business risk, Allianz Risk Barometer.
A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. As mentioned earlier, data discovery requires locating all the places where your sensitive data is stored. Sensitive data can live in unexpected places within your organization. You don't want to store data longer than necessary because that increases the amount of data that could be exposed in a breach. Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft's verified publisher status. SOCRadar's data leak search portal is named BlueBleed and it allows companies to find if their sensitive info was also exposed with the leaked data. A cybercriminal gang, Lapsus$, managed to breach some of the largest tech companies in the world - including Samsung, Ubisoft, and most recently, Microsoft Bing. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. Additionally, we found that no customer accounts and systems were compromised due to unrestricted access. Data leakage protection is a fast-emerging need in the industry. Due to the security incident, the Costa Rican government established a new Cyber Security Council to better protect citizens' data in the future.