Nynox SOC - Threat alert
Microsoft leak - Bluebleed
– Date: 27 October 2022 –
+150k organizations affected in 123 countries. Your company data may have been exposed. With Nynox we have been handling various requests from affected companies in Belgium related to this leak.
What happened?
⚠️ According to the recently published Microsoft data leak MC442057, personal data regarding organizations’ employees and clients may have been temporarily public and accessible.
⚠️ Microsoft claims that the data has not been accessed.
Was your company affected
📍 If your company uses Microsoft products such as Microsoft 365 or Azure, your organization may have been affected.
📍 Check if your company domain was affected by the leak in the SOCRadar site: https://lnkd.in/dX2EayG8
📍Check with Microsoft if your company data was exposed: Login to admin.microsoft.com as the global Admin. Look for a message in the message center (tag= privacy) on 4/10, this will contain instructions or a link to request the data.
📍 Even if your company was not affected, Nynox recommends opening a case with Microsoft to confirm (https://lnkd.in/egjmjRcr).
What does it mean for your company?
Knowing the difference between data leak and data compromise or breach is essential: Data leak means that the data is exposed but doesn’t imply that the data was accessed or stolen by other parties. If you were affected, assess the risk of the exposed data and consult with your DPO (Data Privacy Officer) or legal representatives. Identify exposed email addresses and users and create security awareness campaigns. Deploy a Darknet & Clearnet scanning solutions to find stolen data.
❗️How big was the leak?
→ 2.4TB of data
→ 123 Countries
→ 150K Companies
→ 200K Project Files
→ 1 Million Emails
→ 800K Users
❗️Which file types were exposed?
→ Customer Emails
→ SOW Documents
→ Product Offers
→ POC Works
→ Partner Ecosystem Details
→ Invoices
→ Project Details
→ Customer Product Price List
→ POE Documents
→ Product Orders
→ Signed Customer Documents
→ Customer Asset Documents
