Microsoft accidentally exposes 250 million customer support records online


Microsoft points out that the "vast majority of records were cleared of personal information", the result of using automated tools to redact certain info.

This week, Comparitech writer and privacy advocate Paul Bischoff published a report on an incident that left 250m Microsoft customer service and support (CSS) records exposed on the internet.

Diachenko spoke to ZDNet and specified that the database consisted of a cluster of five Elasticsearch servers.

Bob Diachenko, a security researcher with Security Discovery, spotted the security breach and alerted Microsoft to the issue. All five servers stored the same data, appearing to be mirrors of each other.

According to Comparitech, much of the personally identifiable information associated with the CSS records was redacted; however, numerous records contained plaintext data.

Information that was exposed included customer email addresses, IP addresses, descriptions of ongoing claims and cases, email addresses of Microsoft support representatives, location data, and "confidential" internal notes penned by Microsoft support reps.


Bischoff wrote: "The dangers of this exposure should not be underestimated".

These are scammers who contact individuals under the guise of representing Microsoft.

With detailed logs and case information in hand, scammers stand a better chance of succeeding against their targets.

Microsoft apologized for failing to secure customer information and promised to take further action to prevent a similar situation. "From there, they could phish for sensitive information or hijack user devices".

Tech-savvy users already know to be wary of unsolicited emails and phone calls.

The data was exposed after it was indexed by search engine BinaryEdge.


We also don't know who else, besides Comparitech, may have noticed in the three weeks it was exposed, although Microsoft says that it "found no malicious use".

"I have been in touch with the Microsoft team helping and supporting them to properly investigate it", Diachenko told ZDNet.

Microsoft secured the databases over 30-31 December, winning praise from Diachenko for "quick turnaround on this despite [it being] New Year's Eve".

Microsoft disclosed a security breach caused by a misconfigured internal customer support database that led to the accidental exposure of roughly 250 million customer support and service records, some of them containing personally identifiable information.

Microsoft said it concluded an investigation into a "misconfiguration of an internal customer support database" in a notice posted on the Microsoft website.
