MADRID, Oct. 20 (Portaltic/EP) –
microsoft has confirmed a cybersecurity incident caused by a misconfigured server that has exposed some data corresponding to the company’s business relationships with potential customers.
Data such as personal and company names, emails, phone numbers, and even the content of emails and attachments about business transactions between Microsoft and potential customers have been exposed to third-party actors.
This incident is due to an “unintentional” misconfiguration of a server that is not used in the Microsoft ecosystem, as the company has detailed in its Security Response Center. SOCRadar researchers reported this issue on September 24 and it has now been fixed.
Microsoft says that its investigation shows no indication that customer accounts or systems have been compromised. Although they have found duplicate information, “with multiple references to the same emails, projects and users”.
“We have focused our attention on directly notifying affected customers and instructing them to contact Microsoft if they have questions or concerns,” the company said. They have also limited access to the affected server, which can only be accessed “with required authentication”.