Data Breaches

Microsoft Data Leak exposes 250m Customer Support Records


Those users who have contacted Microsoft for support in the past 14 years are likely to have their technical query and some personally identifiable information compromised.

Microsoft revealed about a security incident which exposed almost 250 million “Customer Service and Support” (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers.

Bob Diachenko, a cybersecurity researcher who found the unprotected database and reported to Microsoft said that the logs contained records from 2005 to December 2019.

Microsoft confirmed in a blog post that it was due to misconfigured security rules added to the server in question on December 5, 2019, that the data was exposed. It was in use until engineers rectified the configuration on December 31, 2019.

Microsoft also stated that the database was altered using automated tools to remove the personally identifiable information of most customers, except in some cases where the information was not in the standard format.

According to Diachenko, many records in the leaked database contained readable data of the customers which includes email addresses, IP addresses, Locations, Descriptions of CSS claims and cases, Microsoft support agent emails, Case numbers, resolutions, and remarks and Internal notes marked as “confidential.”

Microsoft said that the issue was specific to an internal database used for support case analytics and that it does not represent an exposure of their commercial cloud services.

Since the real sensitive case information and email addresses of affected customers were exposed, the leaked data could be misused by tech-support scammers to trick users into paying for non-existent computer problems by impersonating Microsoft support representatives.

Due to this incident, the company began to notify the affected customers whose data was present in the exposed Customer Service and Support database.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    GDPR: More than 160,000 data breaches reported

    Previous article

    Bezos iPhone compromised by Saudi prince

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *