20 October 2022

2.4TB of Microsoft customer data exposed via misconfigured server



Security researchers with SOCRadar have discovered a misconfigured Azure Blob Storage bucket maintained by Microsoft that exposed 2.4TB of customer data belonging to more than 65,000 companies across 111 countries.

Dubbed “BlueBleed,” the data leak included files dated from 2017 to August 2022. The analysis of the files showed that the leaked data included Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, customer emails, internal documents for customers, partner ecosystem details, internal comments for customers, and other information.

The threat intel company informed Microsoft about the problem on September 24, and the misconfigured server was promptly secured. 

Microsoft revealed in a blog post that “this misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”

“The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability,” the company said, adding that it found no evidence that customer accounts or systems were compromised.

Microsoft also noted that the scope of the issue was greatly exaggerated and that a lot of the data in question was duplicate information, with multiple references to the same emails, projects, and users.
