[anti-censorship-team] Azure customer support database leak
David Fifield
david at bamsoftware.com
Tue Feb 4 02:26:39 UTC 2020
On 2020-01-22, I got an email from Microsoft Azure about a data breach
of customer support records. The summary is that between 2019-12-05 and
2019-12-31, some Azure customer support records were exposed and
downloadable, though they don't think any were actually downloaded. I
got an notification because they identified some of the records as
belonging to the Azure account I administer.
https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/
https://www.zdnet.com/article/microsoft-discloses-security-breach-of-customer-support-database/
https://www.reddit.com/r/AZURE/comments/esdwld/microsoft_database_containing_customer_support/
The involved account is the one that used to be used for meek-azure
domain fronting, and is currently used for Snowflake rendezvous domain
fronting (using the Azure CDN). The account is no longer used for
meek-azure.
The email said I could file a support request to find out exactly what
information was exposed, so that's what I did. The data set they sent
back to me consistend of two email threads, neither one directly related
to Tor's use of Azure. One was about trying to delete a an unused VM
disk image, and one was trying to update a credit card.
I didn't find my name nor the account email address in the files.
Apparently the files that were exposed had already been processed by an
automated redactor. I see markers like "{AlphanumericPII}" and
"{Namepii}" in the files, even over-redactions like
"font-family:"Times New {Namepii}"".
More information about the anti-censorship-team
mailing list