The UCLA Information Security Office (ISO) is aware of the recent report regarding the Microsoft BlueBleed data leak and has initiated contact with our campus Microsoft account representative to fully understand the extent of UCLA’s exposure. Open source tooling SOCRadar (https://socradar.io/labs/bluebleed) published by the security research group that originally detected this leak, SOCRadar, has indicated that ucla.edu was impacted to some extent. If your area maintains a local relationship with Microsoft for any services, you are encouraged to also search affiliated subdomains, and then reach out to any local Microsoft support resources for further details. Please share any findings discovered to security@ucla.edu. As the ISO understands the scope of campus exposure, we may be reaching out locally to impacted areas with further inquiry.
Additional information regarding this data leak can be found at:
Bleeping Computer (https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/)
Microsoft Security Response Center (https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/)
Microsoft’s official statement on the matter concludes that impacted customers have already been directly notified. If you have received any notice(s) regarding this data exposure, please contact us at security@ucla.edu so that we can add this to our tracking and put together a comprehensive picture of impact to campus.
