Attack info
First seen 2022-09-24 • Last seen 2022-10-19
On October 19, 2022, Socradar announced a vulnerability they discovered in several misconfigured
Microsoft AWS servers. They also announced the launch of the BlueBleed service, which contains data
downloaded from several misconfigured Microsoft AWS servers.
Link to the Socradar announcement – hxxps://socradar[.]io/sensitive-data-of-65000-entities-in-111-
countries-leaked-due-to-a-single-misconfigured-data-bucket/
The exposed files in the misconfigured bucket include;
POE documents,
SOW documents,
Invoices,
Product orders,
Product offers,
Project details,
Signed customer documents,
POC (Proof of Concept) works,
Customer emails (as well as .EML files),
Customer product price list and customer stocks,
Internal comments for customers (High risk etc.),
Sales strategies,
Customer asset documents, and
Partner ecosystem details.
