2 Million Microsoft 365 Data Compromised by CrowdStrike Bug

A recent leak posted by a threat actor involves 2 million Microsoft 365 data stolen due to a faulty CrowdStrike update.

By Marco Rizal - Editor, Journalist 4 Min Read
Share this post?
Share this post?

A recent leak posted by a threat actor involves 2 million Microsoft 365 data stolen due to a faulty CrowdStrike update.

A threat actor has recently posted a data leak containing 2 million data from Microsoft 365 computers that made the faulty CrowdStrike update.

According to the threat actor, they have taken advantage of the CrowdStrike bug in Microsoft computers.

The sensitive data among what they have taken include Microsoft account details, such as login and password, phone numbers, Gmail information, names, surnames, and more.

Microsoft 365 is a complete productivity platform that offers a range of useful applications, including Word, PowerPoint, and Excel.

image 98

Hi everyone, yesterday morning we took advantage of the crowdstrike bug in Microsoft and pulled all the microsoft 365 data of the computers that made the update” According to the threat actor.

Many offices and organizations around the world use it. Microsoft has recently acknowledged that Windows 365 Cloud PCs have been widely affected by the faulty CrowdStrike update, causing them to become stuck in reboot loops and rendering them unusable.

Windows estimates that the update from CrowdStrike had an impact on approximately 8.5 million Windows devices.

The leaked data includes a detailed pattern of information such as:

  • ID: 20XX
  • First Name: John
  • Last Name: Doe
  • Product Name: Windows 11 Home
  • Product Version: 22H2
  • Release Date: 2023-02-15
  • Expiration Date: 2034-04-23
  • Category: Operating System
  • License Key: 069IU-Y9KBH-XXXX-XXXX-XXXX
  • Password: cc6XXXXXXXXXXXXXXXXXXX
  • Ticket ID: 436-XXX-XXX
  • Issue Description: Unable to activate Office 2024
  • Status: In Progress
  • Date of Birth: August 09/1975
  • Phone Number: +447XXXXXXXXXX
  • Email Address: johndoe@gmail.com

The 2 million data are being sold on a dark web forum marketplace, and the threat actor has set a selling price of $10,000

The threat actor or the threat group, going by SilentAction, has published this post on BreachForums, a well-known marketplace for stolen data and bustling with online criminal activities.

Microsoft 365 Data
Sample data provided by threat actor

This data leak seems to be a huge breach involving a ton of sensitive personal and system info from various users. It's not about Microsoft 365 directly, but it covers different Microsoft Windows operating systems, including details like product names, versions, license keys, and user personal info.” One security researcher noted.

It is unclear how SilentAction was able to pull 2 million data from the CrowdStrike bug, but this breach could cause serious issues for the individuals affected.

The leaked data includes personal information and account credentials, making the victims vulnerable to identity theft and other cybercrimes.

Microsoft has yet to give a statement regarding the data leak. The CrowdStrike outage is still being discussed, with experts claiming it could take weeks for systems to fully recover.

This flawed update, released by CrowdStrike, one of the biggest cybersecurity providers, knocked many systems offline around the world on Friday.

The outage caused flight and train cancellations and crippled some healthcare systems, providing an opportunity for cybercriminals to exploit the situation.

Disclaimer: This news article is based on internal investigations. Users are responsible for their reliance on the content herein. Hackerdose assumes no liability for the accuracy of the information or any consequences arising from its use.

Leave a comment