Microsoft Exposes 250M Customer Support Records on Leaky Servers

Microsoft discloses security breach of customer support database

Microsoft accidentally exposes 250 million customer support records online

According to Comparitech, all five servers contained identical information from the 250 million customer records.

Armed with this information, there is plenty of scope for identifying the customers, learning more about their internal IT systems if they are businesses, and using the data for activities such as impersonating Microsoft support and thereby gaining access to personal computers or business networks. We have asked Microsoft for comment and will update with information received.

Microsoft said it concluded an investigation into a "misconfiguration of an internal customer support database" in a notice posted on the Microsoft website.

In a blog post about the incident, Microsoft said the issue stemmed from a December 5 change to the database that "contained misconfigured security rules that enabled exposure of the data".

Carlos Beltran out as Mets manager amid Astros sign stealing scandal
The scheme devised by the Astros involved using trash cans and video cameras to send out signals to hitters. Beltran is the third manager to lose his job in the fallout from the investigation.

"Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices", according to the blog post.

Microsoft claims the issue was limited to an internal database used for support-case analytics and not commercial cloud services.

"I immediately reported this to Microsoft and within 24 hours all servers were secured", said Bob Diachenko of Comparitech security research team. "In some scenarios, the data may have remained unredacted if it met specific conditions".

For instance, email addresses separated with spaces like "username @ domain.com" instead of "username@domain.com" were left untouched by Microsoft's automated PII redaction tools.

Deadly Chinese virus may have infected over 1700 people, study claims
The Wuhan commission referred queries on the report to China's National Health Commissi5on and the Hubei provincial government. There are thermal scanners at ports and airports in Indonesia to monitor travellers fevers amid fears the virus could spread.

The servers contained roughly 250 million entries, with information such as email addresses, IP addresses, and support case details.

Still, the leaked information could prove valuable to ubiquitous tech support scammers that are a thorn in the sides of PC users - particularly older Windows customers.

That is cold comfort for customers whose data was exposed. For example, they could cite actual case numbers gathered from the exposed database. Microsoft has already begun notifying impacted customers though the company has "found no malicious use" of the data. Diachenko only noticed the database after it was indexed by a search engine on December 28, and it's not clear if anyone else saw it.

On 28 December 2019, these databases were found by BinaryEdge, which crawls the internet looking for exposed data. Hopefully, Microsoft will alert its customers to be careful in the coming months. Microsoft mentioned that it is taking action to prevent future occurrences of this issue.

Biden Could Gain From Warren-Sanders Dispute
It didn't take long for Biden's lead to shrink in the new year as he looks to be slipping into second place in national polling. Klobuchar and Warren said they planned to vote in favour of the USMCA. "You called me a liar", Sanders continued.

Latest News