Microsoft cops to exposing customer data online


By Dylan Bushell-Embling
Friday, 24 January, 2020

Microsoft cops to exposing customer data online

Microsoft has admitted to accidentally exposing more than 250 million customer support records in a data leak involving a misconfigured database.

Researchers at tech comparison website Comparitech recently uncovered five publicly accessible Elasticsearch servers online, each containing an identical set of the 250 million records.

The records contained logs of conversations between Microsoft support agents and customers worldwide dating back 14 years to 2005.

While most of the personally identified information was redacted, many records contained plain text data that included customer email address, IP addresses, locations, Microsoft support agent emails and other potentially sensitive information, Comparitech said.

According to Microsoft, an investigation into the leak has found no malicious use of the data.

The company has traced the leak to a change made to a database's network security group on 5 December which inadvertently contained misconfigured security rules. The configuration was altered on 31 December, restricting public access to the database.

While most identifying data was redacted using automated tools, Microsoft acknowledged that in a small amount of cases some sensitive data may have remained unredacted — such as email addresses typed out in a non-standard format. The company has started notifying customers who had unredacted data in the database.

Meanwhile, the company is taking actions to prevent a recurrence of such an incident, including auditing established network security rules for internal resources and expanding the scope of mechanisms in place to detect security rule misconfigurations.

Image credit: ©stock.adobe.com/au/Igor

Related News

Digital trust leaders outperform their peers: research

Companies categorised as leaders in implementing digital trust strategies are reaping the...

IT decision-makers believe AI is key to protect against cyber threats: report

According to reseach, 40% of Australian IT decision-makers believe the use of AI will help them...

New Relic upgrades app security testing suite

The New Relic Interactive Application Security Testing solution has been upgraded with new...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd