Breach, Americas, EMEA

Microsoft Fixes Office 365 User Data Leak Across Admin Portals

Microsoft last week leaked Office 365 users names and email addresses across multi-tenant admin dashboards, according to Petri. The breach affected users in multiple Office 365 data center regions, including both the United States and EMEA.

Initially, several Office 365 administrators reported that the email and SharePoint usage for their tenants increased. When these admins evaluated the underlying data, they saw that it included users from one or more domains outside their tenant.

Microsoft has fixed the problem, and usage reports are back online and working properly, Petri reported.

Are Cybercriminals Targeting Office 365 Users?

Proper Office 365 security has been under an intense microscope ever since Skyhigh Networks, a California-based cloud access security broker (CASB), indicated that "brute force attacks" have been launched against the SaaS platform. The attacks targeted nearly 50 Office 365 users this year. Brute force attacks generally involve the use of cloud services platforms to conduct persistent attacks to log into user accounts.

The Skyhigh CASB platform has detected and defended against coordinated attacks on more than 100,000 failed Office 365 logins from 67 IP addresses and 12 networks, the company said at the time. The attacks came from instances hosted on cloud services platforms and targeted 48 different organizations.

Approximately 58 percent of all sensitive corporate data in the cloud is stored in Office 365, according to Skyhigh, and usage of Microsoft's cloud services may increase in the foreseeable future.

Gartner Offers Office 365 Security Recommendations

Technology research firm Gartner has provided the following recommendations to help organizations secure Office 365 environments:

  • Determine whether Microsoft's native capabilities are sufficient based on how an organization uses Microsoft services.
  • Examine third-party alternatives if gaps prevent an organization from implementing its security and compliance policies.
  • Deploy an identity, access and privilege management strategy.
  • Implement visibility, data security, threat protection and device management controls using native Office 365 capabilities; if necessary, these capabilities can be enhanced with third-party products.
  • Use a CASB to implement consistent security policies across all Office 365 services and other non-Microsoft SaaS applications.

Gartner has predicted 40 percent of Office 365 deployments will rely on third-party tools to fill gaps in security and compliance by 2018.

In addition, 50 percent of organizations using Office 365 will rely on non-Microsoft security tools to maintain consistent security policies across their multivendor "SaaSscape" by 2020, according to Gartner.

Meta Description: Microsoft suffers a data breach that reveals the names & email addresses of Office 365 users from the United States, EMEA & other data center regions.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.