The Comparitech security research team, led by Bob Diachenko, has reported a data breach affecting 250 million Microsoft users. The tech giant left hundreds of millions of customer service and support requests exposed on several servers without password protection from Dec. 5 to Dec. 31, 2019. Microsoft acknowledged the breach found by Diachenko in a blog post.
In the blog post, Microsoft attributes the breach to a “misconfiguration of an internal customer support database”, which the company uses for tracking support cases. The exposed data includes logs of conversations between Microsoft support agents and customers spanning 14 years.
Kudos to MS Security Response team – I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve. https://t.co/PPLRx9X0h4
— Bob Diachenko (@MayhemDayOne) January 22, 2020
The company also said that it fixed the vulnerability on 31 December 2019. According to the researcher's report, most of the leaked data, such as “emails, contact numbers, and payment information”, was redacted. However, a large portion of the leaked data was reportedly in plain text, including, but not limited to, customer email addresses, IP addresses, locations, Microsoft support agent emails, case numbers, resolutions, and remarks and internal notes marked as “confidential”.
“Misconfigurations are unfortunately a common error across the industry,” the Security Response Center wrote. “We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database.” The company wrote that it had no evidence that malicious parties accessed the information.
Microsoft also noted in the blog post that, following this incident, it has been working on security measures to better protect the database and prevent such data breaches in the future. Those include “auditing established network security rules for internal resources,” expanding detection and reporting of security rule misconfigurations, and redacting more information from records in the future.