Data Breach Hits Microsoft Customer Service Database

January 31, 2020

Written by wukovits

Over the last twelve months, we’ve heard reports from companies of all shapes and sizes that have suffered from data breaches.

Many of them were caused by an act of carelessness on the part of an employee that accidentally left an important database exposed to the world. It raises eyebrows though, to hear that Microsoft was the target of such an action.

Surprising or not, Microsoft recently disclosed that a total of five servers storing a variety of customer support analytics were accidentally exposed online in December 2019.

Credit goes to Bob Diachenko, a researcher with Security Discovery. He found the leaky database, which consisted of a cluster of five ElasticSearch servers. According to Diachenko, all five servers stored the same data, appearing to be mirrors of each other.

The servers contained nearly 250 million entries that included IP addresses, email addresses and support case details. Upon learning of the incident, Microsoft responded quickly. They secured the servers in question and made an announcement, which also reassured users that “as part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information.”

After conducting an in-depth investigation, the company concluded that the data had not been copied or maliciously used by third parties. The leak was caused by a misconfiguration of the Azure security rules it deployed on December 5th, 2019.

The company made the following changes and now:

  • Audits the established network security rules for internal resources
  • Has expanded the scope of the mechanisms that detect security rule misconfigurations
  • Has added additional alerting to service teams when security rule misconfigurations are detected
  • Has begun implementing additional redaction automation

No company is immune, not even Microsoft. Kudos to the company for their rapid response and deft handling of the issue. That’s how it’s done.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.