A threat actor has recently posted a data leak containing 2 million data from Microsoft 365 computers that made the faulty CrowdStrike update.
According to the threat actor, they have taken advantage of the CrowdStrike bug in Microsoft computers.
The sensitive data among what they have taken include Microsoft account details, such as login and password, phone numbers, Gmail information, names, surnames, and more.
Microsoft 365 is a complete productivity platform that offers a range of useful applications, including Word, PowerPoint, and Excel.
“Hi everyone, yesterday morning we took advantage of the crowdstrike bug in Microsoft and pulled all the microsoft 365 data of the computers that made the update” According to the threat actor.
Many offices and organizations around the world use it. Microsoft has recently acknowledged that Windows 365 Cloud PCs have been widely affected by the faulty CrowdStrike update, causing them to become stuck in reboot loops and rendering them unusable.
Windows estimates that the update from CrowdStrike had an impact on approximately 8.5 million Windows devices.
The leaked data includes a detailed pattern of information such as:
The 2 million data are being sold on a dark web forum marketplace, and the threat actor has set a selling price of $10,000
The threat actor or the threat group, going by SilentAction, has published this post on BreachForums, a well-known marketplace for stolen data and bustling with online criminal activities.
“This data leak seems to be a huge breach involving a ton of sensitive personal and system info from various users. It's not about Microsoft 365 directly, but it covers different Microsoft Windows operating systems, including details like product names, versions, license keys, and user personal info.” One security researcher noted.
It is unclear how SilentAction was able to pull 2 million data from the CrowdStrike bug, but this breach could cause serious issues for the individuals affected.
The leaked data includes personal information and account credentials, making the victims vulnerable to identity theft and other cybercrimes.
Microsoft has yet to give a statement regarding the data leak. The CrowdStrike outage is still being discussed, with experts claiming it could take weeks for systems to fully recover.
This flawed update, released by CrowdStrike, one of the biggest cybersecurity providers, knocked many systems offline around the world on Friday.
The outage caused flight and train cancellations and crippled some healthcare systems, providing an opportunity for cybercriminals to exploit the situation.
Disclaimer: This news article is based on internal investigations. Users are responsible for their reliance on the content herein. Hackerdose assumes no liability for the accuracy of the information or any consequences arising from its use.