www.belgium.be Logo of the federal government

The Centre for Cybersecurity Belgium (CCB) informs you about the dataleak “BlueBleed”. 

What is “BlueBleed”? 

“BlueBleed” is a misconfigured Microsoft storage location resulted in an unauthenticated access. The possible leaked data is business transaction info like interactions between Microsoft and prospective customers. The misconfiguration was reported to Microsoft and resolved on the 24th of  September 2022. 

If you’re impacted by “BlueBleed”, Microsoft sent you a notification via admin.microsoft.com.

Recommended actions

The CCB recommends to check admin.microsoft.com for a message of the 4th of October 2022 containing the references MC442408 or MC442057 and with the subject containing “Investigation Regarding Misconfigured Microsoft Storage Location”.

If you received a notification, the CCB recommends:

  • To request the affected data from Microsoft via the admin.microsoft.com portal. 
  • To inform the involved persons and warn them about spear phishing. The leaked data can be leveraged by a malicious actor to craft very targeted and realistic spear phishing.

When you are providing Microsoft support for your customers, please inform your customers accordingly. 

For further question we like to refer you to Microsoft. 

Sources

https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/ 

https://securityaffairs.co/wordpress/137397/data-breach/microsoft-data-leak-2.html 

ordpress/137397/data-breach/microsoft-data-leak-2.html