Microsoft has reportedly leaked a massive amount of sensitive customer data which was traced from 2017. Critics said that the tech giant has failed to notify the affected users about this cybersecurity issue.
Leaked Customer Data
(Photo : Turag Photography from Unsplash)
According to SOCRadar post, 2.4TB of confidential data from more than 65,000 entities has been leaked because of the misconfiguration in the data bucket.
The cybersecurity firm confirms that the data involved in the leak include State of Work (SoW) documents, PII (Personally Identifiable Information) data, Proof-of-Execution (PoE) data, customer emails, project details, product offers, and more.
SOCRadar also notes that the above mentioned data spanned five years, particularly from 2017 to August 2022. It should be noted that Microsoft did not include the number of affected customers in its announcement.
Unfortunately, instead of acknowledging SOCRadar's finding, the Redmond giant downplayed the statement by disapproving of its post. Microsoft added that its investigation showed that no customer accounts were compromised in the process.
Related Article: Microsoft PowerPoint Users Beware: Hackers Are Using it to Spread Malware
What the Microsoft Customers Think About the Data Leak
As Ars Technica spotted, several critics immediately hit Microsoft by leaking their personal data in the exposed bucket.
According to one user, he asked the company regarding the nature of data that was exposed in the latest leak. Upon contacting Microsoft, he only received a response that says that they won't be able to provide the particular type of data.
Aside from that, customers get annoyed when Microsoft announced that it has already notified the users about the leak. However, there were some difficulties in accessing the Message Center.
As a matter of fact, it's a common tool used by administrators so in short, it's only exclusive to the admins and not to everyone. Because of this, some people did not see any notifications about the data leak.
"MS being unable (read: refusing) to tell customers what data was taken and apparently not notifying regulators-a legal requirement-has the hallmarks of a major botched response. I hope it isn't," Kevin Beaumont, a cybersecurity researcher, posted on his Twitter account.
Moreover, Beaumont showed some screenshots of the leaked data that were all posted on Grayhat Warfare for months. He saw that the purchase orders and signed contracts are in the exposed database.
Aside from the controversial leak, Microsoft is facing another issue with its data retention policy. Instead of disposing of sensitive information that is already existing for years, it perpetually holds it.
Since cybercriminals can steal data, the most recommended thing to do is to entirely destroy the whole data.
At some point, some customers are losing their trust in Microsoft. If this keeps up, the company might lose a substantial number of users in the long run because of their negligence in addressing this data leak.
Read Also: Microsoft Likely Hacked by LAPSUS$! Tech Giant Investigates After Sensitive Leak
This article is owned by Tech Times
Written by Joseph Henry