BlueBleed: Microsoft customer data leak claimed to be 'one of the largest' in years

Microsoft has confirmed one of its own misconfigured cloud systems led to customer information being exposed to the internet, though it disputes the extent of the leak. In a revelation this week, Microsoft's Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 about a …

  1. VoiceOfTruth


    I made a brief visit to the SOCRadar web site and checked one of our domains.

    It shows several "Employee Credentials" records. Interesting. Because even with the obfuscated data (they only show the first and last character of the email address unless you hand over your email address) I can say with 100% certainty that those credentials do not exist and have never existed. Perhaps somebody put those email addresses into a document somewhere. Perhaps somebody signed up somewhere with that email address. It doesn't matter - it has never been a working email address.

    I did a search back through our mail logs. I can see several attempts to send email to something which would match the first-and-last@domain characters shown at SOCRadar. In every case we rejected the attempts with 'Recipient address rejected'.

    These are the only entries for the domain I tested. I can say with 100% certainty that these are not 'Employee Credentials' and have never been.
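The check described in the comment above, as an added example (not code from the article, the commenter, or SOCRadar): take the masked address a vendor displays, turn it into a pattern, and scan mail logs for every delivery attempt to a matching recipient, separating attempts the MTA rejected with "Recipient address rejected" from ones it accepted. The masking format (first character, mask characters, last character of the local part, e.g. "j*****e@example.com"), the Postfix-style log lines and the example.com addresses are all constructed assumptions.

```python
"""Compare a vendor's masked "employee credential" hit against MTA logs.

Assumes the masked form is first char + mask + last char of the local part
(e.g. "j*****e@example.com"); that format is an assumption, not SOCRadar's
documented behaviour. Log lines are constructed Postfix-style samples.
"""
import re
from collections import defaultdict

# Constructed sample log (not real logs): three rejected attempts to mailboxes
# that do not exist, one accepted local delivery, one delivery to another domain.
SAMPLE_LOG = """\
Oct 12 09:14:02 mx1 postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <jsmithe@example.com>: Recipient address rejected: User unknown in local recipient table; from=<bounce@spam.invalid> to=<jsmithe@example.com> proto=ESMTP helo=<mail.spam.invalid>
Oct 12 09:20:45 mx1 postfix/smtpd[2240]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 550 5.1.1 <jane@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@y.invalid> to=<jane@example.com> proto=ESMTP helo=<mx.y.invalid>
Oct 12 09:31:07 mx1 postfix/smtpd[2244]: NOQUEUE: reject: RCPT from unknown[198.51.100.22]: 550 5.1.1 <karen@example.com>: Recipient address rejected: User unknown in local recipient table; from=<n@z.invalid> to=<karen@example.com> proto=ESMTP helo=<mx.z.invalid>
Oct 12 10:02:11 mx1 postfix/smtpd[2251]: 3A1B2C3D4E: client=mail.partner.example[192.0.2.5]
Oct 12 10:02:12 mx1 postfix/local[2260]: 3A1B2C3D4E: to=<joe@example.com>, relay=local, delay=0.5, delays=0.3/0.1/0/0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 12 10:05:30 mx1 postfix/smtp[2270]: 4B2C3D4E5F: to=<karen@other.example>, relay=mx.other.example[192.0.2.9]:25, delay=1.2, delays=0.2/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

RCPT_RE = re.compile(r"to=<([^>]+)>")          # recipient as Postfix logs it
REJECT_MARKER = "Recipient address rejected"  # smtpd refused the RCPT TO
ACCEPT_MARKER = "status=sent"                 # a delivery agent accepted it


def masked_to_regex(masked: str) -> re.Pattern:
    """Build a regex from a masked address: the local part must start with the
    first visible character and end with the last one, at exactly that domain.
    A one-character local part ('j@') also fits a mask like 'j***j'."""
    local, domain = masked.rsplit("@", 1)
    first, last = re.escape(local[0]), re.escape(local[-1])
    if local[0] == local[-1]:
        body = f"{first}(?:[^@]*{last})?"
    else:
        body = f"{first}[^@]*{last}"
    return re.compile(rf"^{body}@{re.escape(domain)}$", re.IGNORECASE)


def outcome(line: str):
    """Classify one log line; lines that are neither a reject nor a sent
    delivery (queue bookkeeping, client connects) return None."""
    if REJECT_MARKER in line:
        return "rejected"
    if ACCEPT_MARKER in line:
        return "accepted"
    return None


def scan_log(log_text: str, masked: str) -> dict:
    """Return {recipient: [outcome, ...]} for every delivery attempt whose
    recipient fits the masked address."""
    pattern = masked_to_regex(masked)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        result = outcome(line)
        if not m or result is None:
            continue
        rcpt = m.group(1).lower()
        if pattern.match(rcpt):
            hits[rcpt].append(result)
    return dict(hits)


def ever_accepted(hits: dict) -> bool:
    """True if any matching recipient ever took an accepted delivery, i.e. the
    mailbox plausibly existed; False if every attempt bounced at the MTA."""
    return any("accepted" in outcomes for outcomes in hits.values())


if __name__ == "__main__":
    for masked in ("k***n@example.com", "j*****e@example.com"):
        hits = scan_log(SAMPLE_LOG, masked)
        verdict = "mailbox existed at some point" if ever_accepted(hits) else "only rejected attempts"
        print(f"{masked}: {hits} -> {verdict}")
```

With the sample log, "k***n@example.com" resolves to a single address that was only ever rejected, which is the situation the commenter describes; "j*****e@example.com" is deliberately ambiguous (three local parts fit the mask, one of them a real mailbox), which is why a first-and-last-character display cannot settle the question on its own without the vendor releasing the full address.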

    1. Claptrap314

      Re: SOCRadar

      The problem readers now face is that your credibility is somewhere between 0 and -0.5 on a scale of -1 to 1.

    2. Zippy´s Sausage Factory

      Re: SOCRadar

      It still shows that whoever put that address in, they've got the data from where it was put in. They might have thought it was an employee of that company and got that wrong, but with a leak this big you have to expect even a big, well-known security company (which SOCRadar are not, as far as I know - at least I've never heard of them) are going to make some mistakes.

      That said, it shows they didn't make this data up. It quite probably came from inside Azure. And that's worrying.

    3. Bill Gray

      Re: SOCRadar

      For what it's worth... I gave it a try with one of my domains. It came up with an accurate e-mail address (no surprise) and two supposed passwords. One was a throwaway password on LinkedIn, which famously leaked numerous passwords years back; I already knew that one was out in the wilds of the Interwebs.

      The other supposed password didn't ring a bell, but I could easily imagine it was leaked by some other insecure site. (Sometimes, I wonder if "insecure site" is just redundant. Most days, I don't wonder.)

      "Perhaps somebody signed up somewhere with that email address..."

      Precisely. SOCRadar presumably just scraped various leaked lists, including the LinkedIn one. It'll be a mix of throwaways (such as mine and maybe yours), some "real" addresses/passwords, some for accounts discontinued 15 years ago, and probably a lot that are purely made up and sold to gullible would-be crims. I could see that being a workable scam. After all, if you purchase fake credentials and they don't work, you don't have much recourse for getting a refund. (Or you might think they'd been changed.)

      The only way I could see SOCRadar knowing which are which would be to try them out. Some people would probably object to that.
