In its Microsoft Security Response Center (MSRC) advisory confirming the bug, Microsoft says it has known about it since September 24, when SOCRadar reported the problem. MSRC says the BlueBleed problem stems from a misconfiguration in the Azure Blob Storage bucket. The misconfiguration left data exchanged between Microsoft and customers publicly available. This data includes email addresses, names, company names, file attachments, phone numbers, and the contents of emails.

While Microsoft confirms the bug, it is also critical of SOCRadar. The company says the security research firm overstated the issue by calling it “one of the largest B2B leaks in recent years”. SOCRadar said the data covered 65,000 entities and affected 111 different countries.
Microsoft’s Response
Microsoft argues much of the data loss from the misconfiguration is duplicate and that SOCRadar is blowing it out of proportion: “We appreciate SOCRadar informing us about the misconfigured endpoint, but after reviewing their blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue. Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error. More importantly, we are disappointed that SOCRadar has chosen to release publicly a “search tool” that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”