A database error that temporarily left approximately 250 million customer service and support records that was effectively visible from the cloud to the world.
Microsoft disclosed a security breach that took place last month in December 2019. The company disclosed a database error that temporarily left approximately 250 million customer service and support records that was effectively visible from the cloud to the world.
Microsoft didn’t give details of how big the database was. However, consumer website Comparitech, which says it, discovered the unsecured data online, claims it was to the order of 250 million records containing logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019. According to Comparitech, that same data was accessible on five Elastic search servers. The company informed Microsoft, and Microsoft quickly secured the data.
Commenting on this Paul Ducklin, principal research scientist, Sophos says “Hundreds millions of records were exposed, but it sounds as though comparatively few people actually had recognizable email addresses in the leaked database. In other words, most people won’t actually receive warnings from Microsoft – but might well receive “warnings” from crooks claiming to be Microsoft. Remember: don’t click on links in security warnings, even if you think they’re real. That way you will avoid end up on phishing sites by mistake, and you won’t put in your password where you shouldn’t. Find your own way to any login pages you use, and never let yourself be frightened or cajoled into relying on contact data provided in an email”.
