Microsoft accidentally exposed 250 million online customer service records
Yet another security scandal involving one of the world's largest technology corporations signals a turbulent year in global security. Microsoft recently confirmed that an archive of customer support and customer service records was leaked online at the end of 2019, affecting millions of the company's customers.
Specifically, the incident was first discovered by a group of freelance security researchers led by renowned cyber security researcher Bob Diachenko. It involved a database containing 250 million records from Microsoft customer service and support logs that were leaked online, a whopping number.
The incident was later confirmed by Redmond, which said the database was inadvertently exposed due to a misconfiguration of the security rules, caused by changes implemented by Microsoft experts on December 5, 2019. In other words, this incident stems from an error by the Microsoft engineering team itself.
The leaked database was then picked up by the BinaryEdge search engine on December 28. The Diachenko team discovered it on December 29 and immediately reported the situation to Microsoft. Although the problem occurred during the Christmas holiday, Microsoft quickly resolved it. The repository was secured again on December 31, right before the New Year.
Most of the data stored in the logs consists of conversations between customers and the Microsoft support team, and it had been reprocessed in accordance with standard company processes. However, a lot of data was also stored in plain text, including information such as email addresses and support agents, IP addresses, locations, numbers and secret internal notes.
According to Diachenko's group, this information could be misused by malicious actors to impersonate Microsoft support agents and deceive customers. However, Microsoft has confirmed that, so far, it has not found any evidence that the leaked data was used for malicious purposes.
In a written summary of the incident, Microsoft pledged not to let the same incident occur again by deploying a new audit process, which includes checking the current network security rules. In addition, additional warnings will be issued when a misconfiguration is detected, and active corrective actions will be taken. The Redmond company is currently sending notices to customers affected by this incident.