Summary: Cloud marketplace and distributor Pax8 confirmed that an internal email sent on January 13 to fewer than 40 UK-based partners mistakenly included a CSV file containing sensitive business information related to Microsoft licensing and MSP customers. The spreadsheet contained over 56,000 entries affecting approximately 1,800 partners, primarily in the UK, and included customer organization names, Microsoft SKUs, license counts, renewal dates, pricing-related fields, and other commercial metadata. While Pax8 stated the file did not contain personally identifiable information, it exposed data that would normally only be accessible to the managing MSP and Pax8.
Security Officer Comments: There are reports that threat actors are actively attempting to purchase the dataset. Although no PII was disclosed, the exposed dataset could have security implications if it ends up in the wrong hands. Threat actors could use the information as a highly targeted intelligence source, identifying organizations’ Microsoft environments, license volumes, renewal timelines, and their managing MSPs to craft convincing phishing, business email compromise, or extortion campaigns timed around renewals or contract negotiations. The data could also enable social engineering attacks that impersonate MSPs or Pax8 itself.
Suggested Corrections: According to Pax8, the company directly contacted each recipient, requesting the deletion of the email and attachment. Pax8 is currently conducting one-to-one follow-up calls with recipients to reinforce deletion and has since launched an internal review to determine the root cause and prevent a recurrence.
Link(s): https://www.bleepingcomputer.com/ne...identally-exposes-data-on-1-800-msp-partners/