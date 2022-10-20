Microsoft has confirmed that some of its customers’ personal information has been exposed by an unintentionally misconfigured server that allowed unauthenticated access to business transaction data.

The tech giant confirmed that it secured the server after cybersecurity researchers at SOCRadar notified it of the leak on 24 September 2022.

Microsoft explained that the flaw made it possible to gain unauthenticated access to business transaction data relating to interactions between the company and potential customers.

“Our investigation found no indication customer accounts or systems were compromised. We have directly notified the affected customers,” it added.

Microsoft said that the exposed information includes the following:

Names;

Email addresses and email content;

Company names;

Phone numbers; and

Files linked business between customers and Microsoft or authorised Microsoft partners.

Microsoft explained that while it appreciates SOCRadar informing it about the breach, it is disappointed with the cybersecurity firm’s exaggeration of the issue.

“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft said.

“We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.”

