A misconfigured Azure Blob Storage endpoint caused unauthorized access to large amounts of Microsoft customer data last month. Although security researchers indicate that the breach affects tens of thousands of organizations worldwide, Microsoft believes the extent of the incident is exaggerated.
According to Microsoft, an accidentally misconfigured endpoint opened systems to unauthorized access in September. Unauthorized malicious parties were theoretically able to access business transaction data routed between Microsoft and its customers. The data includes planning, implementation and setup data for various Microsoft services.
BlueBleed Part 1
The misconfiguration was discovered by security researchers from SOCRadar. The potential data breach was dubbed BlueBleed Part 1 and involved six data buckets that became public after the Azure Blob Storage misconfiguration. According to the researchers, the affected data buckets had as much as 2.4 TB of information on a total of more than 65,000 companies in 111 different countries.
The buckets included more than 133,000 files and data on more than 500,000 individuals. The data included names, addresses, emails, company names, telephone numbers and information related to business activities between customers and Microsoft.
The leak has since been closed by Microsoft. According to the tech giant, which notified customers potentially affected by the data breach, no misuse has been detected so far.
In its response, the tech giant claims that SOCRadar exaggerated the extent of the leak. Microsoft said the datasets provided as evidence include large amounts of duplicate information. According to the tech giant, there are many references to the same emails, projects and end users.
Microsoft also disapproves of the fact that SOCRadar provided a search tool allowing Microsoft’s customers to check whether their data is included in the breach. According to the tech giant, the tool poses unnecessary risks.