BlueBleed Check

The BlueBleed incident, discovered by SOCRadar in 2022, involved misconfigured Microsoft Azure Blob Storage containers that made sensitive business data publicly accessible. Exposed data categories included customer names and contact information, signed contracts and purchase orders, product pricing lists, technical support communications, internal project documentation, and supplier information. Over 65,000 organizations across 111 countries were affected.

Enter your organization's domain name into the search bar. The tool queries SOCRadar's indexed dataset of exposed records from the BlueBleed incident and returns whether any documents or data records associated with your domain were found in the leaked dataset. Results include the data categories exposed and approximate volume of affected records, helping you assess the scope of any exposure.

If your domain appears in the BlueBleed results, recommended steps include: notifying your legal and compliance team about potential data exposure, reviewing contracts and communications that may have been exposed for sensitive third-party information, assessing whether any regulatory notification obligations apply (GDPR, CCPA), and auditing your own Azure storage configurations to prevent similar misconfigurations on your end.

Microsoft addressed the misconfigured storage containers after SOCRadar's responsible disclosure in 2022. The data is no longer accessible via the original Azure endpoints. However, data that was publicly accessible for an extended period may have been indexed, downloaded, or sold before remediation. This is why checking your organization's exposure and taking appropriate follow-up actions remains important even after the original vulnerability was patched.