Over one million CSV/JSON files with personal information of event registrants using Microsoft Teams – including phone numbers and email addresses – have been exposed to potential cyber-criminals worldwide. Security company Clario Tech, in partnership with cybersecurity researcher Bob Diachenko, discovered the exposure within EventBuilder, a virtual events integration tool for Microsoft products. Details can be found in a new report, published today.
Clario informed EventBuilder of the exposure earlier this summer, and it has now been fixed by EventBuilder. The data was stored on Microsoft Azure Blob Storage — Microsoft’s object storage solution for the cloud. The storage was partially public to host recorded sessions for link-only access. However, the webinars’ organizers inadvertently included registrants’ information in the blob, compromising personal information of webinar attendees and potentially putting them in danger from cyber-criminals across the globe.
“Eventbuilder is widely used by Microsoft and integrated with Teams,” said Diachenko. “So this data exposure is an interesting case study in how even the most advanced technology companies can expose themselves to data vulnerabilities.”
Information Included in the Data Leak
Over one million large-sized CSV/JSON files with Microsoft events registrants details and summaries, including:
• Full names
• Email addresses
• Company names and position in company
• Phone numbers
• Questionnaires answered
It is estimated that at least 100,000 people have been impacted by this exposure of personal information. Anyone who has registered with EventBuilder should take the proper steps to protect their personal information including installing credible cybersecurity software featuring identity protection and dark web monitoring.
Advice from the Experts
“Online security is not a luxury in this day and age; it’s a necessity. A data exposure such as this is preventable with the right security measures in place,” said Mykola Tymkiv, COO at Clario. “Any company can avoid finding themselves in such a dangerous and vulnerable situation by first, implementing proper access rules and only allowing authorised personnel to access sensitive information. Second, if a system doesn’t require authentication, never leave it open to the Internet.”