
Microsoft Says Security Firm Overplayed BlueBleed Power Apps Flaw

Microsoft has confirmed the BlueBleed Power Apps misconfiguration bug but criticizes the security team that found it.


Security researchers from SOCRadar recently revealed a misconfiguration (dubbed “BlueBleed”) in Power Apps that could potentially lead to the personal information of users leaking online. The platform suffered a similar breach back in 2021 when 38 million private records were found online. Microsoft is now issuing an advisory about the bug but also calling out the security team that found it.

In its Security Response Center (MSRC) advisory confirming the bug, the company says it has known about it since September 24. That is when SOCRadar told Microsoft about the problem. MSRC says the BlueBleed problem stems from a misconfigured Azure Blob Storage bucket.

The misconfiguration left data exchanged between Microsoft and customers publicly accessible. This data includes email addresses, names, company names, file attachments, phone numbers, and the contents of emails.

While Microsoft is confirming the bug, the company is also critical of SOCRadar. The company says the security research firm overstated the issue by calling it “one of the largest B2B leaks in recent years”. SOCRadar said the data covered 65,000 entities and affected 111 different countries.

Microsoft's Response

Microsoft argues that much of the data exposed by the misconfiguration is duplicated and that SOCRadar is blowing the issue out of proportion:

“We appreciate SOCRadar informing us about the misconfigured endpoint, but after reviewing their blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue. Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users. We take this issue very seriously and are disappointed that SOCRadar exaggerated the numbers involved in this issue even after we highlighted their error.

More importantly, we are disappointed that SOCRadar has chosen to release publicly a “search tool” that is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk.”

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
