Threat intelligence firm SOCRadar reported that a Microsoft customer data breach affected hundreds of thousands of users from thousands of entities worldwide. Microsoft admits a storage misconfiguation, data tracker leads to a data breach at a second US hospital chain, and more. 'Xbox will exist' if Activision Blizzard deal falls through, says Microsoft's Phil Spencer, A London musician recorded with Muse and Phil Collins, now he's co-producing with ChatGPT, Windows Central Podcast #301: Windows 11, Xbox, Bing. Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar. Written by RTTNews.com for RTTNews ->. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking. In November 2016, word of pervasive spam messages coming from Microsoft Skype accounts broke. 3. Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox. It isnt clear how many accounts were impacted, though Microsoft described it as a limited number. Additionally, the tech giant asserted that email contents and attachments, as well as login credentials, were not compromised in the hack. This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand, Kron added. The screenshot was taken within Azure DevOps, a collaboration software created by Microsoft, and indicated that Bing, Cortana, and other projects had been compromised in the breach. Ultimately, the responsibility of preventing accidental data exposure falls on the Chief Information Security Officer (CISO) and Chief Data Officer. The credentials allowed the hackers to view a limited dataset, including email addresses, subject lines, and folder names. While Microsoft refrained from providing any additional details regarding this data leak, SOCRadar revealed in a blog post published today that the data was stored on misconfigured Azure Blob Storage. Data Breach Risks And Remedies: Lessons From The Biggest Breaches Of 2022 IBM found that the global average cost of a data breach in 2022 was the highest ever since the dawn of conducting these reports. March 3, 2022: Laboratory Bako Diagnostics (BakoDX) confirmed that the company experienced a data breach resulting in the personal and healthcare information of certain consumers being compromised. Regards.. Save my name, email, and website in this browser for the next time I comment. Security Trends for 2022 - Microsoft Community Hub On March 20 th 2022, the Lapsus$ group shared a snapshot to its Telegram channel showing that they have breached Microsoft. BlueBleed discovered 2.4TB of data, including 335,000 emails, 133,000 projects, and 584,000 exposed users, according to a report on Bleeping Computer. After digging deeper, the specialist noticed more unexpected activities, including requests relating to specific emails and for confidential files. Overall, its believed that less than 1,000 machines were impacted. Dubbed BlueBleed Part 1, the Microsoft data leak exposed at least 2.4 terabytes of sensitive data belonging to 65,000 entities in 111 countries. When an unharmed machine attempted to apply a Microsoft update, the request was intercepted before reaching the Microsoft update server. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC. If hackers gained access to that Skype password, they could effectively bypass the two-factor authentication, giving them access. While the bulk was for a Russian email service, approximately 33 million about 12 percent of the total stash were for Microsoft Hotmail accounts. Lapsus$ Group's Extortion Rampage. Creating the rogue certificate involved exploiting the algorithm Microsoft used to set up remote desktops on systems, allowing code to be crafted that appeared to come from Microsoft. In December 2020, vulnerabilities associated with SolarWinds an infrastructure monitoring and management software solution were exploited by Russian hackers. In October 2017, word broke that an internal database Microsoft used to track bugs within Microsoft products and software was compromised back in 2013. They were researching the system and discovered various vulnerabilities relating to Cosmos DB, the Azure database service. Another was because of insufficient detail to consumers in a privacy policy about data processing practices. Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics Please provide a valid email address to continue. They also can diminish the trust of those who become the victims of identity theft, credit card fraud, or other malicious activities as a result of those breaches. The company also stated that it has directed contacted customers that were affected by the breach. New York CNN Business . For the 2022 report, Allianz gathered insights from 2,650 risk management experts from 89 countries and territories. . In March, the hacker group Lapsus$ struck again, claiming to have breached Microsoft and shared screenshots taken within Azure DevOps, Microsoft's collaboration software. The proposed Securities and Exchange Commission rule creates new reporting obligations for United States publicly traded companies to disclose cybersecurity incidents, risk management, policies, and governance. 89 Must-Know Data Breach Statistics [2022] - Varonis They are accountable for protecting information and sharing data via processes and workflows that enable protection, while also not hindering workplace productivity. January 18, 2022. Sometimes, organizations collect personal data to provide better services or other business value. Microsoft data breach exposed sensitive data of 65,000 companies A late 2022 theft of LastPass's decrypted password vaults has been tracked to one of the company's DevOps engineers, as attackers reportedly targeted a vulnerability in a media software package on the employee's home computer. Heres how it works. In relatively short order, it was determined that four zero-day vulnerabilities were allowing unauthorized parties to access data, deploy malware, hijack servers, and access backdoors to reach other systems. The average data breach costs in 2022 is $4.35 million, a 2.6% rise from 2021 amount of $4.24 million. The company believes such tools should include a verification system to ensure that a user can only look for data pertaining to them, and not to other users. Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. A hacking group known as the Xbox Underground repeatedly hacked Microsoft systems between 2011 and 2013. Additionally, the configuration issue involved was corrected within two hours of its discovery. The intrusion was only detected in September 2021 and included the exposure and potential theft of . Though Microsoft would not reveal how many people were impacted, SOCRadar researchers claimed that 65,000 entities across 111 countries may have had their data compromised, which includes. 2021. News Corp. News Corp., the publisher of the Wall Street Journal and a range of global media outlets, said in a securities filing that it was hit by a cyberattack in January 2022 and that some data . If the proper updates werent applied, the issues remained in place, allowing attackers to take advantage of the flaw long-term. After all, people are busy, can overlook things, or make errors. Microsoft had quickly acted to correct its mistake to secure its customers' data. Microsoft data breach exposes 2.4TB of customer data On October 19th, security firm SOCRadar identified over 2.4 terabytes of exposed data on a misconfigured Microsoft endpoint. Microsoft accidentally exposed 250 million customer records - LifeLock 2021 Microsoft Exchange Server data breach - Wikipedia Earlier this year, Microsoft, along with other technology firms, made headlines for a series of unrelated breaches as a result of cyber hacking from the Lapsus$ group. Along with some personally identifiable information including some customer email addresses, geographical data, and IP addresses support conversations and records were also exposed in the incident. Additionally, several state governments and an array of private companies were also harmed. NY 10036. 6Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt, Ryan Browne, CNBC. The threat intel company added that, from its analysis, the leaked data "includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property. The biggest data breaches, hacks of 2021 | ZDNET A post in M365 Admin Center, ignoring regulators and telling acct managers to blow off customers ain't going to cut it. Then, Flame returned a malicious executable file featuring a rogue certificate, causing the uninfected machine to download malware. The Worst Hacks and Breaches of 2022 So Far | WIRED Learn how Rabobank, Fannie Mae, and Ernst & Young maximized their existing Microsoft 365 subscriptions to gain integrated data loss prevention and information protection. What Was the Breach? Cost of a data breach 2022 | IBM - IBM - United States They also said they had secured the endpoint and notified the accounts that had been compromised, and elaborated that they found no evidence customer accounts had actually been compromised only exposed. Humans are the weakest link. (Joshua Goldfarb), Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies. You can think of it like a B2B version of haveIbeenpwned. Microsoft releases Windows security updates for Intel CPU flaws, Microsoft PowerToys adds Paste as plain text and Mouse Jump tools, Microsoft Exchange Online outage blocks access to mailboxes worldwide, Windows 11 Moment 2 update released, here are the many new features, Microsoft Defender app now force-installed for Microsoft 365 users. Microsoft Data Breaches History & Full Timeline Up To 2023 To abide by the data minimization principle, once the data is no longer serving its purpose, it must be deleted. There was a problem. However, the organizations are ultimately the ones that applied the settings, making them responsible for the leaks, as well. The company secured the server after being. The most common Slack issues and how to fix them, ChatGPT: how to use the viral AI chatbot that everyones talking about, 5 Windows 11 settings to change right now, Cybercrime spiked in 2022 and this year could be worse, New Windows 11 update adds ChatGPT-powered Bing AI to the taskbar. We redirect all our customers to MSRC (Microsoft 365 Admin Center Alert) if they want to see the original data. However, the failure of the two-factor authentication system places at least some of the blame on the tech giant. Though the number of breaches reported in the first half of 2022 . Microsoft confirms breach after hackers publish source code - TechCrunch The company learned about the misconfiguration on September 24 and secured the endpoint. Top data breaches and cyber attacks of 2022 | TechRadar January 25, 2022. Since dozens of organizations including American Airlines, Ford Motor Co., and the New York Metropolitan Transportation Authority were involved, the nature of the exposed data varied. Please try again later. Almost 2,000 data breaches reported for the first half of 2022. by Lance Whitney in Security. The Allianz Risk Barometer is an annual report that identifies the top risks for companies over the next 12 months. Microsoft Security Shocker As 250 Million Customer Records - Forbes It isnt known whether the information was accessed by cybercriminals before the issues were addressed. Read our posting guidelinese to learn what content is prohibited. Microsoft is investigating claims that an extortion-focused hacking group that previously compromised massive companies such as Ubisoft and Nvidia has gained access to internal . Data leakage protection is a fast-emerging need in the industry.