Microsoft discloses security breach of customer support database

According to Diachenko, the customer support database contained a cluster of five Elasticsearch servers that are used to help simplify search operations. Additionally, "most" of the records in the database, but not all, had been redacted of personal information, the company said.

In a blog post about the incident, Microsoft said the issue stemmed from a December 5 change to the database that "contained misconfigured security rules that enabled exposure of the data". "Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices", it added.

The security research team at Comparitech discovered five servers, each of which contained the same 250 million logs of conversations with Microsoft support agents and customers.

"This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services", Microsoft said in its blog.

What information was left exposed?

There was, however, still a great deal of information stored in plain text, including: customer email addresses, IP addresses, locations, descriptions of CSS claims and cases, Microsoft support agent emails, case numbers, case resolutions, case remarks, and internal notes marked as "confidential".

We assume that if you don't hear from Microsoft, even if you did contact support during the 2005 to 2019 period, then either your data wasn't in the exposed database, or there wasn't actually enough in the leaked database to allow anyone, including Microsoft itself, to identify you.

We don't know how many people were affected or exactly what personal data was opened up for those users. For example, scammers could cite actual case numbers gathered from the exposed database.

For these cases, Microsoft said it began notifying impacted customers today, although it also added that it "found no malicious use" of the data.

Still, Microsoft customers should be careful about email phishing scams and tech support scams.

What is Microsoft doing to prevent another exposure?

Comparitech informed Microsoft, and Microsoft quickly secured the data.

"We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence", Microsoft concluded.

The company will now audit network security rules for internal resources, expand its scope of mechanisms that detect improper security rules, and add more alerting services for when rules aren't being properly followed.
