
Microsoft accidentally leaked 250 million customer service records

Most people might be excited to celebrate the start of a new year, full of new chances and opportunities. However, that’s not the case for many of Microsoft’s security teams, who had to work overtime during the New Year to hopefully close a huge security breach that was noticed after a serious leak. Just this Thursday (Jan 22, 2020), Microsoft revealed that it had accidentally leaked 250 million customer service records back in December (Dec 29, 2019), leaving a ton of its customers’ data accessible to anyone with a web browser.

The company acknowledged the security breach almost one month later, stating that it didn’t find any evidence of malicious use of its accidentally leaked customer data.

Comparitech’s Security Research Team, which was led by Bob Diachenko, stated that they successfully discovered the vulnerability on December 29th.

Still, Microsoft was sort-of-quick to take care of the situation, fixing the issue two days later. The company explained that the exposure was caused by a “misconfiguration” of one of its internal customer support databases, but no evidence of “malicious use” was found.

The server included conversation logs that dated as far back as 2005 between members of Microsoft’s dedicated support team and customers from across the world. Comparitech also shared a jaw-dropping shameful fact, stating that Microsoft’s database wasn’t password-protected. Still, Microsoft assured that the “vast majority” of personal data that was exposed was censored.

On the other hand, Comparitech revealed that some specific information like email and IP addresses was stored in plain text format, making it fully visible and easily prone to doxing.

If anyone at all had been able to access the logs, they could have used the personal data of any of Microsoft’s support staff to easily impersonate them and run a phishing scheme.

Microsoft shared a public apology at the end of its blog post, saying “We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence.”

The company has already started notifying all customers whose data was stored on the database.

After Microsoft accidentally leaked 250 million customer service records, it assured that it’s looking to run a thorough inspection of its internal security rules and also implement additional tools to automatically censor any included sensitive user information. The company also assured that it put in place new and expanded alerts to notify its service teams whenever a security misconfiguration is detected.

Nonetheless, this counts as Microsoft’s second major data security breach related to its customer support system in a single year. Back in April 2019, Microsoft revealed that hackers had used a customer support representative’s credentials to breach the email accounts of some of its customers.

What’s important to take from this is that in both cases the internal support systems had almost unmatched levels of access to user information. This made the systems extremely tempting targets to more skilled hackers in both situations (April and December).

Right after the first security breach, Cyxtera’s chief security technology officer Dave Aitel had already warned about the dangers involved with Microsoft’s email breach, stating that support was just “a big security hole waiting to happen.”

As it turns out, Aitel was 100% right as another security breach happened right over the New Year.

All we can do now is hope that Microsoft learns from this second situation and takes the necessary precautions to actually keep its customers’ and support staff’s personal data protected.

David Novak (https://www.gadgetgram.com)
For the last 20 years, David Novak has appeared in newspapers, magazines, radio, and TV around the world, reviewing the latest in consumer technology. His byline has appeared in Popular Science, PC Magazine, USA Today, The Wall Street Journal, Electronic House Magazine, GQ, Men’s Journal, National Geographic, Newsweek, Popular Mechanics, Forbes Technology, Readers Digest, Cosmopolitan Magazine, Glamour Magazine, T3 Technology Magazine, Stuff Magazine, Maxim Magazine, Wired Magazine, Laptop Magazine, Indianapolis Monthly, Indiana Business Journal, Better Homes and Garden, CNET, Engadget, InfoWorld, Information Week, Yahoo Technology and Mobile Magazine. He has also made radio appearances on The Mark Levin Radio Show, The Laura Ingraham Talk Show, Bob & Tom Show, and the Paul Harvey Radio Show. He’s also made TV appearances on The Today Show and The CBS Morning Show. His nationally syndicated newspaper column, called the GadgetGUY, appears in over 100 newspapers around the world each week, where Novak enjoys over 3 million in readership. David is also a contributing writer for Men’s Journal, GQ, Popular Mechanics, T3 Magazine and Electronic House here in the U.S.
