Microsoft Azure: 65,000 pieces of customer data freely available

B2B Cyber Security ShortNews

SOCRadar found that 65,000 pieces of sensitive customer data became public due to a misconfigured Microsoft Azure server. The leak includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders and offers, project details, personally identifiable information (PII), and documents that may reveal intellectual property.

SOCRadar's built-in cloud security module monitors public buckets to detect any exposure of customer data. Among the many public buckets discovered, six contained large-scale information for more than 150,000 companies in 123 different countries. SOCRadar collectively labels these leaks BlueBleed to better track the information around them. Currently, only the analysis of the largest BlueBleed leak, involving incorrectly configured Microsoft Azure servers, has been completed: BlueBleed Part 1. The analyses of the other buckets are to be published later.

What is BlueBleed?

Coined by Can Yoleri, a threat and vulnerability researcher at SOCRadar, the term "BlueBleed" refers to the sensitive information leaked collectively from six misconfigured buckets. The first part of the collection (BlueBleed Part I) is attributed to a misconfigured Microsoft Azure Blob Storage. It can be considered one of the most significant B2B leaks, affecting more than 65,000 companies in 111 countries with sensitive data in a single bucket.

What is the content of BlueBleed Part I?

Microsoft Azure: A misconfigured server releases sensitive data (Image: SOCRadar).

While investigating the misconfigured server, SQL Server databases and other files, SOCRadar researchers discovered 2.4 TB of publicly available data containing confidential Microsoft information. The exposed data includes files from 2017 to August 2022.

According to the analysis, the leak, dubbed BlueBleed Part I, consists of critical data from more than 65,000 companies in 111 countries. SOCRadar researchers have so far discovered more than 335,000 emails, 133,000 projects and 548,000 exposed users in the leaks.

Blatant data leaks

When a data leak originates at a third party, advanced threat intelligence solutions help organizations understand and be warned when their information is exposed through third-party services. SOCRadar offers a large threat data search with its Free Edition, where users can search for digital assets (IP addresses, domains, etc.), hashes or any keywords mentioned on dark web and darknet websites in a secure environment, without a subscription or providing personal data.

More at SOCRadar

 
