News: 0175281483


Microsoft Says It Lost Weeks of Security Logs For Its Customers' Cloud Products (techcrunch.com)

(Friday October 18, 2024 @11:30PM (msmash) from the oops dept.)


Microsoft has notified customers that it's [1]missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report:

> According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.

>

> The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.



[1] https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/



Shrug (Score:3)

by iAmWaySmarterThanYou ( 10095012 )

You're hosted in Microsoft's cloud. You don't need logs to know you were hacked. Just assume you were hacked again and move on to the clean up and post mortem steps.

Damn..... (Score:2)

by dowhileor ( 7796472 )

Microsoft practically invented cloud redundancy. They mulefaced the thing....

And it took 3 weeks to notice... (Score:3)

by OneOfMany07 ( 4921667 )

I can see you have a lot of automation to help out in the boring stuff like monitoring and validating incoming data. And some very motivated employees!

Guess I should be happy they were honest about it at all, and not just hiding it until someone else notices and publicly shames them.

Re:And it took 3 weeks to notice... (Score:4, Insightful)

by Retired Chemist ( 5039029 )

I am not sure that is true. The article implies that Business Insider broke the story first.

Been there, Done that (Score:3)

by spaceman375 ( 780812 )

Mine was only eight hours of data for some +50 websites, but I feel for them. If it didn't get saved you can't recover it. But two weeks' worth? If it went on that long, I wouldn't trust that IT team to know if it was what they blame or a clever hacker covering his tracks with a false flag.

Security... (Score:4, Funny)

by kellin ( 28417 )

Microsoft taking that security through obscurity literally..

Re:Security... (Score:4, Insightful)

by sound+vision ( 884283 )

More like reputation through obscurity. They just had that big breach last year with some bigwigs' Outlook 365 accounts getting compromised. It wouldn't be acceptable to announce another breach this year. So instead they announce the logs went missing.

Kind of like when police bodycam footage goes missing.

"We're Trusted(TM)" (Score:2)

by Malay2bowman ( 10422660 )

...because we say we are.

Not a security incident, huh? (Score:2)

by kmoser ( 1469707 )

> The notification said that the logging outage was not caused by a security incident [...]

Without logs, how would you know for sure that it wasn't a security incident?
