Microsoft accidentally exposes 250 million customer support records online

Microsoft discloses security breach of customer support database

Microsoft points out that the "vast majority of records were cleared of personal information", the result of using automated tools to redact certain info.

This week, Comparitech writer and privacy advocate Paul Bischoff published a report on an incident that left 250m Microsoft customer service and support (CSS) records exposed on the internet.

Bob Diachenko, a security researcher with Security Discovery, spotted the security breach and alerted Microsoft to the issue.

Diachenko spoke to ZDNet and specified that the database consisted of a cluster of five Elasticsearch servers. All five servers stored the same data, appearing to be mirrors of each other.

According to Comparitech, much of the personally identifiable information associated with the CSS records was redacted; however, numerous records contained plaintext data.

Information that was exposed included customer email addresses, IP addresses, descriptions of ongoing claims and cases, email addresses of Microsoft support representatives, location data, and "confidential" internal notes penned by Microsoft support reps.


Bischoff wrote: "The dangers of this exposure should not be underestimated".

These are scammers that contact individuals under the guise of representing Microsoft.

With detailed logs and case information in hand, scammers stand a better chance of succeeding against their targets. "From there, they could phish for sensitive information or hijack user devices".

Microsoft apologized for failing to secure customer information and promised to take further action to prevent a similar situation.

Tech-savvy users already know to be wary of unsolicited emails and phone calls.

The data was exposed after it was indexed by search engine BinaryEdge.


We also don't know who else, besides Comparitech, may have noticed in the three weeks it was exposed, although Microsoft says that it "found no malicious use".

"I have been in touch with the Microsoft team helping and supporting them to properly investigate it", Diachenko told ZDNet.

Microsoft secured the databases over 30-31 December, winning praise from Diachenko for "quick turnaround on this despite [it being] New Year's Eve".

Microsoft disclosed a security breach caused by a misconfigured internal customer support database that led to the accidental exposure of roughly 250 million customer support and service records, some of them containing personally identifiable information.

Microsoft said it concluded an investigation into a "misconfiguration of an internal customer support database" in a notice posted on the Microsoft website.
