grahamcluley.com
2a06:98c1:3121::3
Public Scan
Submitted URL: http://dlvr.it/SbPsnm
Effective URL: https://grahamcluley.com/microsoft-bluebleed-data-breach-customer-details-and-email-content-exposed/?utm_source=dlvr.it&u...
Submission: On October 20 via manual from IN — Scanned from IT
Form analysis
2 forms found in the DOM
GET https://grahamcluley.com/
<form role="search" method="get" class="search-form i-amphtml-form" action="https://grahamcluley.com/" target="_top" novalidate="">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" value="" name="s">
</label>
<button type="submit" class="search-submit"><span class="screen-reader-text">Search</span></button>
</form>
POST
<form method="post" id="commentform" class="comment-form i-amphtml-form" novalidate="" target="_top" action-xhr="https://grahamcluley.com/wp-comments-post.php?_wp_amp_action_xhr_converted=1"
on="submit-success:commentform.clear,AMP.setState({ampCommentThreading: {"replyTo":"","commentParent":"0"}})" amp-novalidate=""><amp-state id="ampCommentThreading"
class="i-amphtml-layout-container i-amphtml-element i-amphtml-built" i-amphtml-layout="container" hidden="" aria-hidden="true">
<script type="application/json">
{
"replyTo": "",
"commentParent": "0"
}
</script>
</amp-state>
<p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message" aria-hidden="true">Required fields are marked <span class="required" aria-hidden="true">*</span></span></p>
<p class="comment-form-comment"><label for="comment">Comment <span class="required" aria-hidden="true">*</span></label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required=""></textarea></p>
<p class="comment-form-author"><label for="author">Name <span class="required" aria-hidden="true">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" required=""></p>
<p class="comment-form-email"><label for="email">Email <span class="required" aria-hidden="true">*</span></label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" aria-describedby="email-notes" required=""></p>
<p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200"></p>
<p class="comment-form-use-gravatar">
<input id="avatar-privacy-use-gravatar" name="avatar-privacy-use-gravatar" type="checkbox" value="true" data-amp-original-style="margin-right:1ex;" class="amp-wp-a8e6507"><label for="avatar-privacy-use-gravatar"
data-amp-original-style="display:inline;" class="amp-wp-5f8f4af">Display a <a href="https://en.gravatar.com/" rel="noopener nofollow" target="_self">Gravatar</a> image next to my comments.</label>
</p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="11335818" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0" data-amp-bind-value="ampCommentThreading.commentParent" i-amphtml-binding="">
</p>
<p data-amp-original-style="display: none;" class="amp-wp-224b51a"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="74caf4bdb9"></p>
<p data-amp-original-style="display: none !important;" class="amp-wp-3e2e7c3"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label></p>
<div class="amp-wp-default-form-message" submit-error=""><template type="amp-mustache">
<p class="{{#redirecting}}amp-wp-form-redirecting{{/redirecting}}">{{#message}}{{{message}}}{{/message}}{{^message}}Your submission failed. <small>The server responded with {{status_text}} (code {{status_code}}). Please contact the developer of
this form processor to improve this message. <a href="https://amp-wp.org/?p=5463" target="_blank" rel="nofollow noreferrer noopener">Learn more</a></small>{{/message}}</p>
</template></div>
<div class="amp-wp-default-form-message" submit-success=""><template type="amp-mustache">
<p class="{{#redirecting}}amp-wp-form-redirecting{{/redirecting}}">{{#message}}{{{message}}}{{/message}}{{^message}}It appears your submission was successful. <small>Even though the server responded OK, it is possible the submission was not
processed. Please contact the developer of this form processor to improve this message. <a href="https://amp-wp.org/?p=5463" target="_blank" rel="nofollow noreferrer noopener">Learn more</a></small>{{/message}}</p>
</template></div>
<div class="amp-wp-default-form-message" submitting=""><template type="amp-mustache">
<p>Submitting…</p>
</template></div>
</form>
Text Content
MICROSOFT “BLUEBLEED” DATA BREACH: CUSTOMER DETAILS AND EMAIL CONTENT EXPOSED

Graham Cluley • @gcluley
12:35 pm, October 20, 2022

Microsoft has admitted that it accidentally exposed sensitive customer data after failing to configure a server securely.

Cybersecurity firm SOCRadar informed Microsoft about the embarrassing leak in September, which researchers claimed involved files dated from 2017 to August 2022.

The following business transaction data has been exposed:

* names
* email addresses
* email content
* company name
* phone numbers

In addition, Microsoft warned that the exposed data may include “attached files relating to business between a customer and Microsoft or an authorized Microsoft partner.”

SOCRadar claims that the sensitive data of over 65,000 entities in 111 countries was exposed on a misconfigured Microsoft server that had been left accessible over the internet.

SOCRadar, which has dubbed the data breach “BlueBleed”, has created a website where concerned companies can search to see if their data has been exposed.

Microsoft has not shared any details about the size of the data breach, and while thanking SOCRadar for raising the alarm about the data leak, it has claimed that the researchers had “greatly exaggerated the scope of this issue”:

> Our in-depth investigation and analysis of the data set shows duplicate
> information, with multiple references to the same emails, projects, and users.
> We take this issue very seriously and are disappointed that SOCRadar
> exaggerated the numbers involved in this issue even after we highlighted their
> error.

The public release of SOCRadar’s BlueBleed search tool seems to have particularly upset Microsoft, which says that it is “not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

Microsoft argues that any security firm releasing such a tool should put in place basic measures such as verifying users before allowing them to search for data related to their domain.

Microsoft should be rightly embarrassed by its sloppy security, which has needlessly exposed the data of its customers. I suspect that most Microsoft customers will be less bothered with the quibbling over just how much data was carelessly exposed, and more worried that the security cock-up happened in the first place.

According to SOCRadar, Microsoft responded within hours of being notified of the problem, reconfiguring its Azure Blob Storage cloud bucket to properly secure it from unauthorised access.

It’s obviously a positive thing that the misconfigured server has been secured, but it is unfortunately the case that this particular horse has already bolted – for there are reports that Microsoft’s leaky bucket has been “publicly indexed for months”.

Graham Cluley • @gcluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Copyright © 2001-2022 Cluley Associates Limited. All Rights Reserved.