From darkreading.com
Sensitive information for some Microsoft customers were exposed by a misconfigured server, Microsoft Security Response Center said on Wednesday. The misconfigured endpoint was accessible on the Internet and did not require authentication.
The exposed information included names, email addresses, email content, company name, phone numbers, and files “relating to business between a customer and Microsoft or an authorized Microsoft partner,” the company said. The endpoint has already been secured to require authentication, and affected customers have been notified.