Azure security breach left thousands of customer records exposed
After some questionable security practices, an Azure security breach exposed more than half a million sensitive documents on the internet. The exposed data were hosted in unprotected Microsoft Azure Blob storage and could be viewed by anyone with the files’ direct address, without any authentication.
Microsoft Azure Blob storage is used for storing significant amounts of unstructured object data, like text data or binary data. It’s mainly used for serving images or documents to a browser, storing files for distributed access, and streaming video and audio.
Azure security breach
The unsecured blob was managed by a Surrey-based app developer. Reportedly around 587,000 files were exposed, ranging from backed-up emails to letters, spreadsheets, and screenshots. The Register, a technology newspaper, caught wind of the unsecured blob thanks to security researcher Oliver Hough.
“Finding a storage bucket like this where a provider has lumped all of their clients’ files in a single bucket rather than creating separate storage for each client demonstrates how, in 2020, the basics of a secure design are still not being followed,” Hough told The Register.
The blob contained thousands of health assessments, insurance claim documents from US firms underwritten by Lloyds of London, and private opinions regarding junior colleagues applying for promotions. But the most sensitive information exposed was FedEx shipment documentation, along with highly sensitive medical data, and at least one passport scan.
Trust the Microsoft Silver Partners
This is just one of many instances of data leaks through Microsoft’s Azure blob storage. While the burden of these exposures did not lie with Microsoft Azure, it is clear that proper support is needed to help businesses create secure data silos.
And this goes to show that owning the right tech is only half the battle. Working with a boutique systems integrator like Influential Software ensures compliance with data security. As a Microsoft Certified Partner, we’re more than ready to help you get the most out of your systems. Whether that’s improving your data security or increasing your value for money, our Silver Cloud Platform competency means we’re equipped to help.