Microsoft, a tech giant renowned for its software and services, has encountered numerous data breaches over the years. These incidents have exposed sensitive information, impacted users, and raised cybersecurity concerns. Let’s delve into recent breaches.
As one of the world’s largest technology companies, Microsoft handles vast amounts of data for millions of users and organizations globally. Consequently, it remains a frequent target for cyberattacks. Users worldwide rely on Microsoft’s tools—such as Outlook, OneDrive, and the Office 365 suite—to create and share personal and corporate information. However, this reliance also means that any data breach can have significant downstream effects on both organizations and individuals.
Over the past three years, there have been several high-profile Microsoft data breaches, along with the discovery of over 1,200 vulnerabilities. These incidents have affected millions of users and organizations. Let’s take a closer look at recent breaches.
#1 January 2024: Microsoft breached by Russian hacker group
On January 12, Microsoft discovered a breach conducted by a group tied to Russia’s SVR foreign intelligence agency. The incident occurred in November 2023 through a method called “password spraying,” and targeted Microsoft’s corporate email system.
Cozy Bear, the Russian-backed hacker group behind the SolarWinds breach, appears to have been behind this attack. Microsoft disclosed that the hackers compromised credentials on a “legacy” test account, likely running outdated code, before accessing senior leadership accounts, among others. The hackers’ access was removed on January 13.
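Password spraying, the method named above, tries a small number of passwords against many accounts rather than many passwords against one, so the signal a defender looks for is one source failing logins across many distinct accounts in a short window. As an added illustration that is not part of the original article, the following Python snippet runs that heuristic over a few constructed sign-in log lines and then lists which accounts later authenticated successfully from a flagged source; the log format, thresholds and account names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2023-11-20T02:00:01Z 203.0.113.7 alice@example.com FAIL
2023-11-20T02:00:04Z 203.0.113.7 bob@example.com FAIL
2023-11-20T02:00:09Z 203.0.113.7 carol@example.com FAIL
2023-11-20T02:00:13Z 203.0.113.7 dave@example.com FAIL
2023-11-20T02:00:18Z 203.0.113.7 erin@example.com FAIL
2023-11-20T02:00:22Z 203.0.113.7 legacy-test@example.com SUCCESS
2023-11-20T02:05:00Z 198.51.100.2 alice@example.com FAIL
2023-11-20T02:05:30Z 198.51.100.2 alice@example.com FAIL
2023-11-20T02:06:00Z 198.51.100.2 alice@example.com SUCCESS
"""

def parse_log(text):
    """Parse the assumed log format into (time, src_ip, account, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {src_ip: sorted accounts} for sources whose failed logins hit at least
    min_accounts distinct accounts inside any sliding window (few tries per account,
    many accounts per source; a brute force on one account is NOT flagged)."""
    fails = defaultdict(list)
    for ts, ip, account, result in events:
        if result == "FAIL":
            fails[ip].append((ts, account))
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            accounts = {acct for ts, acct in attempts[i:] if ts - start <= window}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted(accounts)
                break
    return flagged

def successes_after_spray(events, flagged):
    """Accounts that authenticated successfully from a flagged source: review these first,
    since a spray that ends in a SUCCESS is the likely compromised account."""
    return sorted({acct for _, ip, acct, res in events if ip in flagged and res == "SUCCESS"})

if __name__ == "__main__":
    hits = detect_spray(parse_log(SAMPLE_LOG))
    print("spray sources:", hits, "review:", successes_after_spray(parse_log(SAMPLE_LOG), hits))
```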
#2 September 2023: 60k State Department Emails Stolen in Microsoft Breach
On September 27, a Senate staffer briefed by State Department IT officials informed Reuters that Chinese hackers had stolen over 60,000 emails from State Department officials. The breach occurred in July, when a series of errors enabled the Chinese hacker group identified as Storm-0558 to break into Microsoft and steal a key granting broad access to Microsoft customer accounts, including those of the U.S. government.
#3 July 2023: Chinese Hackers Breach U.S. Agencies Via Microsoft Cloud
On July 11, Microsoft publicly disclosed that a group of Chinese hackers had spied on U.S. government agencies via a vulnerability in Microsoft’s cloud services. The attack was first detected in June by an unnamed government agency, which then informed Microsoft and the Department of Homeland Security of the incident.
The hacking group in question, deemed “Storm-0558” by Microsoft, appears to be linked to the Chinese government. Their attacks targeted State and Commerce department emails, ahead of U.S. Secretary of State Antony Blinken’s visit to China. U.S. officials have stated that sensitive data was not compromised in this email breach.
#4 July 2023: Microsoft Denies Purported Data Breach
On July 2, hacktivist group Anonymous Sudan claimed to have hacked Microsoft and pilfered data pertaining to over 30 million Microsoft accounts. The group provided a sample of the data, but so far it has not been determined where exactly the data came from.
A Microsoft spokesperson said that these claims of a data breach were not legitimate, and stated that Microsoft had seen “no evidence that our customer data has been accessed or compromised.”
#5 October 2022: 548,000+ Users Exposed in BlueBleed Data Leak
On October 19th, security firm SOCRadar identified over 2.4 terabytes of exposed data on a misconfigured Microsoft endpoint. By SOCRadar’s account, this data pertained to over 65,000 companies and 548,000 users, and included customer emails, project information, and signed documents.
Microsoft acknowledged the data leak in a blog post. They also said they had secured the endpoint and notified the accounts that had been compromised, and elaborated that they found no evidence customer accounts had actually been compromised — only exposed. Microsoft also disputed some key details of SOCRadar’s findings:
#6 March 2022: Lapsus$ Group Breaches Microsoft
In March 2022, the hacker group Lapsus$ breached Microsoft. They accessed Azure DevOps, compromising projects like Bing and Cortana. Microsoft confirmed the breach but assured no customer data was compromised. Lapsus$ employs social engineering and extortion tactics for financial gain. Their motivations are purely monetary, not political. They’ve even sought tech workers to compromise their employers.
#7 August 2021: Organizations Expose 38 Million Records Due to Power Apps Misconfiguration
In August 2021, a significant data leak occurred due to misconfigured Microsoft Power Apps portals settings. Approximately 47 companies inadvertently made data publicly accessible, exposing around 38 million records. The exposed data varied, including employee files and COVID-19 testing information. UpGuard, a cybersecurity firm, discovered the issue and promptly reported it to Microsoft and affected organizations. While the misconfiguration wasn’t directly caused by Microsoft, some argue that clearer warnings in technical documentation could have helped prevent the leaks. Ultimately, the responsibility lies with the organizations that applied the settings.
#8 August 2021: Thousands of Microsoft Azure Customer Accounts and Databases Exposed
In August 2021, security professionals discovered vulnerabilities in Microsoft Azure’s Cosmos DB, a cloud-based database service. These flaws allowed unauthorized access to customer databases and accounts, affecting many Fortune 500 companies. While researchers accessed the data, it remains unclear if third parties also exploited the vulnerabilities. Microsoft was responsible for the leak due to the Cosmos DB flaws.
#9 April 2021: 500 Million LinkedIn Users’ Data Scraped and Sold
In April 2021, personal data on over 500 million LinkedIn users was posted for sale on a hacker forum. A representative for LinkedIn reported to Business Insider that this data was scraped from publicly available data on the platform. The data included information such as email addresses and phone numbers – all the more reason to keep sensitive details from public profiles.
#10 January 2021: Microsoft Exchange Server Vulnerability Leads to 60,000+ Hacks
In January 2021, a widespread hacking incident targeted Microsoft Exchange Servers through four zero-day vulnerabilities. Unauthorized parties exploited these vulnerabilities to access data, deploy malware, and hijack servers, potentially impacting over 30,000 U.S. companies and as many as 60,000 worldwide. While Microsoft worked to patch the flaws, the impact varied across individual companies, and the responsible parties remained unclear.
#11 December 2020: Microsoft and 18,000 Other SolarWinds Customers Targeted with Malicious Update
In December 2020, Russian hackers exploited vulnerabilities in SolarWinds software, granting them access to the system. They then distributed malicious updates to around 18,000 SolarWinds customers via a supply chain attack. Microsoft was among the targets, leading to further hacking activity. The attack affected government agencies, state governments, and private companies. Microsoft’s investigation revealed additional compromised systems, including malware designed to steal customer information. The hackers responsible were dubbed “Nobelium.”
These breaches highlight the ongoing challenges in securing digital infrastructure and the need for robust cybersecurity measures.