Microsoft customer support database exposed online

Microsoft customer support database exposed online

"While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and holding ourselves accountable", it added. We have asked Microsoft for comment and will update with information received.

The software giant provided further details on the security breach in a blog post in which it said that the database was storing anonymized user analytics and was accidentally exposed online between December 5 and December 31.

Comparitech reports that it first discovered the publicly-accessible data on December 29 - the day after it was first indexed by BinaryEdge - and immediately contacted Microsoft.

"This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services", Microsoft said in its blog. Per company policy, information stored in the database was redacted to remove personal information, Microsoft said. Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices.

What information was left exposed?

For instance, email addresses separated with spaces like "username @" instead of "" were left untouched by Microsoft's automated PII redaction tools. However, a subset contained plain-text data including email addresses, IP addresses, case descriptions, emails from Microsoft support, case numbers and "internal notes marked as confidential". "The data could be valuable to tech support scammers, in particular". For example, they could cite actual case numbers gathered from the exposed database.

Eric Doerr, general manager of the Microsoft's Security Response Center (MSRC), said: "We're thankful to Bob Diachenko for working closely with us so that we were able to quickly fix this misconfiguration, analyze data, and notify customers as appropriate". Diachenko only noticed the database after it was indexed by a search engine on December 28, and it's not clear if anyone else saw it. Hopefully, Microsoft will alert its customers to be careful in the coming months.

What is Microsoft doing to prevent another exposure?

"If scammers obtained the data before it was secured, they could exploit it by impersonating a real Microsoft employee and referring to a real case number".

Auditing the established network security rules for internal resources.

Related Articles