
Microsoft has announced that a misconfigured Microsoft endpoint has resulted in the potential for unauthenticated access to business transaction data between Microsoft and its customers. The leaked data includes names, email addresses, email content, company name, and phone numbers.

Security researchers at SOCRadar initially found the misconfiguration on September 24th, 2022. While Microsoft has refrained from adding detail to the incident, SOCRadar has published a blog post reporting that over 65,000 organisations have potentially had data leaked. They said that the leak stemmed from misconfigured Azure Blob Storage and included Proof-of-Execution and Statement of Work documents, project details, and documents that may reveal intellectual property.

The researchers warned that threat actors who have accessed the information may use it to create social engineering attacks, such as phishing attacks, or for extortion and blackmail. SOCRadar has created a portal to allow organisations to check if their information has been leaked in this incident.

Microsoft has said that it has directly notified impacted customers and provided them with instructions for contacting Microsoft with queries or concerns. Customers that did not receive a communication from Microsoft’s Message Center were not identified as being impacted by the data leak.

Prevention:

Organisations that have had their data leaked in this incident should be aware that it could be used against them in social engineering attacks, specifically phishing attacks. The following steps can help prevent an attack from succeeding:

  • Turn on spam filters and investigate possible anti-phishing solutions. Using systems that detect phishing emails can help prevent these emails from reaching your users.
  • Train staff on spotting the signs of a phishing attack, such as looking for odd email handles, urgent requests, and bad grammar and spelling.
  • Should a phishing email land in your inbox, notify all colleagues to watch out for similar emails. If possible, block the email domain and IP address associated with the malicious email.
  • Create an atmosphere of trust within your organisation – ask staff to report any phishing emails as soon as possible, especially if they have clicked on any links or files within the email.
