Microsoft said today that some of its customers’ sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet.
The company secured the server after being notified of the leak on September 24, 2022 by security researchers at threat intelligence firm SOCRadar.
“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” the company revealed.
“Our investigation found no indication customer accounts or systems were compromised. We have directly notified the affected customers.”
According to Microsoft, the exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner.
Redmond added that the leak was caused by the “unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem” and not due to a security vulnerability.