Sensitive information for some Microsoft customers were exposed by a misconfigured server, Microsoft Security Response Center said on Wednesday. The misconfigured endpoint was accessible on the Internet and did not require authentication.
The exposed information included names, email addresses, email content, company name, phone numbers, and files “relating to business between a customer and Microsoft or an authorized Microsoft partner,” the company said. The endpoint has already been secured to require authentication, and affected customers have been notified.
“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said, noting that there is no indication that customer accounts or systems had been compromised.
Leave a reply