Complete Guide to Cloud Marketplace Pax8 Accidentally Exposes Data On 1,800 Msp Partners

Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data.

Pax8 is a fast-growing cloud commerce marketplace with more than 1,700 employees, over 47,000 partners worldwide, and operations in 18 countries. The company recently surpassed $2 billion in annual revenue, with particularly strong growth in Europe.

The email, titled "Potential Business Premium Upgrade Tactic to Save Money," was sent on January 13 by an EMEA-based strategic account manager and included a CSV attachment.

According to Pax8, the file contained internal pricing and Microsoft program information affecting approximately 1,800 partners, primarily in the UK, with one in Canada—and was accidentally distributed to fewer than 40 UK-based recipients.

MSPs who received the message told BleepingComputer that the CSV file listed customer organization names, Microsoft SKUs, license counts, and New Commerce Experience (NCE) renewal dates.

Artifacts shared with BleepingComputer directly by multiple recipients reveal that the leaked spreadsheet contained more than 56,000 entries with fields such as:

Shortly after the email was sent, the sender attempted to recall the message and later followed up with another email asking recipients to delete the original message and attachment, acknowledging it had been sent in error:

In the follow-up notice, Pax8 told partners that the file did not contain personally identifiable information but limited business information that may reveal MSP pricing and Microsoft program management details. Such information, including customer portfolios and licensing footprints, would normally be visible only to the MSP managing those tenants and Pax8 itself.

Multiple recipients shared the wording from Pax8's follow up with BleepingComputer:

"Dear Partner, Earlier today, 13 January 2026, a Pax8 employee mistakenly sent an email with an attached spreadsheet to fewer than 40 UK-based partners. The attachment did not contain personally identifiable information. However, the file included limited internal business information reflective of your Pax8 pricing and some Microsoft program management. Importantly, there is no impact to Marketplace availability or security controls as a result of this incident.What we did immediately * Contacted each recipient directly and requested deletion of the email and

Source: BleepingComputer