GoKawiilCloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data.
Pax8 is a fast-growing cloud commerce marketplace with more than 1,700 employees, over 47,000 partners worldwide, and operations in 18 countries. The company recently surpassed $2 billion in annual revenue, with particularly strong growth in Europe.
CSV exposes customer and licensing data
The email, titled "Potential Business Premium Upgrade Tactic to Save Money," was sent on January 13 by an EMEA-based strategic account manager and included a CSV attachment.
According to Pax8, the file contained internal pricing and Microsoft program information affecting approximately 1,800 partners, primarily in the UK, with one in Canada—and was accidentally distributed to fewer than 40 UK-based recipients.
MSPs who received the message told BleepingComputer that the CSV file listed customer organization names, Microsoft SKUs, license counts, and New Commerce Experience (NCE) renewal dates.
Pax8 email sent to MSPs containing the spreadsheet with customer data (BleepingComputer)
Artifacts shared with BleepingComputer directly by multiple recipients reveal that the leaked spreadsheet contained more than 56,000 entries with fields such as:
Partner Name and ID
Customer Name and ID
... continue reading