Microsoft data breach exposes 548,000 users, intelligence firm claims

21 Oct 2022

Image: © lobro/

Microsoft said the scale of the data breach has been ‘greatly exaggerated’, while SOCRadar claims around 65,000 companies were impacted.

Microsoft has confirmed sensitive information from some of its customers was exposed due to one of its servers being misconfigured.

The exposed data includes names, email addresses, email content, company names and phone numbers. The tech giant said the breach may have included attached files relating to business between customers and Microsoft or an authorised Microsoft partner.

Microsoft was informed of the issue on 24 September by SOCRadar, a threat intelligence firm. SOCRadar claims it discovered 2.4TB of publicly available data containing sensitive information belonging to Microsoft.

SOCRadar said the leak, named BlueBleed Part I, contained data belonging to more than 65,000 companies from 111 countries.

“Researchers have discovered more than 335,000 emails, 133,000 projects, and 548,000 exposed users within the leaks so far,” SOCRadar said in a blog post.

Microsoft said it quickly secured the misconfigured endpoint after being notified. It is now “only accessible with required authentication”. The company also said the endpoint “is not in use across the Microsoft ecosystem” and that the “unintentional misconfiguration” was not the result of a security vulnerability.

Microsoft has also disputed the scale of the data breach and said SOCRadar “greatly exaggerated the scope of this issue”.

“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft said in a blog post.

“We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”

Microsoft said it informed impacted customers and provided them with instructions for contacting them on the issue. In an alleged email to a customer shared on Twitter, Microsoft said it is “unable to provide the specific affected data from this issue”.

Earlier this month, Microsoft confirmed two zero-day vulnerabilities affecting its Exchange servers were being exploited in “targeted attacks”.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic