https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/

Microsoft said it lost weeks of security logs for its customers' cloud products

Zack Whittaker, 12:06 PM PDT, October 17, 2024

Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.

According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.

The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events."

Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights.

Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.

The affected products include Microsoft Entra, Sentinel, Defender for Cloud, and Purview, according to the Business Insider report.

Affected customers "may have experienced potential gaps in security related logs or events, possibly affecting customers' ability to analyze data, detect threats, or generate security alerts," the notification said.

Microsoft would not answer specific questions about the logging outage, but a Microsoft executive confirmed to TechCrunch that the incident was caused by an "operational bug within our internal monitoring agent."

"We have mitigated the issue by rolling back a service change. We have communicated to all impacted customers and will provide support as needed," said John Sheehan, a Microsoft corporate vice president.

The logging outage comes a year after Microsoft came under fire from federal investigators for withholding security logs from certain U.S. federal government departments that host their emails on the company's hardened, government-only cloud; investigators said having access to those logs could have identified a series of China-backed intrusions far sooner.

The China-backed intruders, referred to as Storm-0558, broke into Microsoft's network and stole a digital skeleton key that allowed the hackers unfettered access to U.S. government emails stored in Microsoft's cloud. According to a government-issued postmortem of the cyberattack, the State Department identified the intrusions because it paid for a higher-tier Microsoft license that granted access to security logs for its cloud products, which many other hacked U.S. government agencies did not have.

Following the China-backed hacks, Microsoft said it would start providing logs to its lower-paid cloud accounts from September 2023.

Carly Page contributed reporting.