Microsoft Exposed 250 Million Customer Support Logs
Microsoft recently announced that customer data was leaked following a permissions misconfiguration in its internal systems. The misconfiguration occurred on December 5th 2019. It was repaired on December 29th after Cybersecurity Professional Bob Diachenko discovered the leak and alerted the company on that same day.
Microsoft assured the public that most of its sensitive data is automatically redacted. However customer email addresses were leaked to the public.
Diachenko discovered that Microsoft’s internal customer support data was available to the public on Elasticsearch servers. Diachenko found 250 million records of customer support data. The discovered data included logs of customer support tickets since 2005. Data in the logs included emails of both the customer support agents and customers. It also included IP addresses and geographic locations. However, Diachenko could not confirm whether the data was actually accessed by unauthorized individuals, only that it was available to be accessed without needing any credentials.
Microsoft states that the leak is not indicative of a lack of security on its Azure servers. It assured the public that it has many solutions available to prevent these cloud misconfigurations from occurring, but that these were not implemented on its own internal customer support system.
In response to the misconfiguration, Microsoft stated that it will employ several additional security measures to ensure that it does not occur again. These include conducting an official audit of its internal systems, adding stricter information redaction, and increasing its efforts to detect misconfigurations and alerts.
Don’t fall victim to data misconfigurations. Our team of cybersecurity experts have years of experience in identifying potential misconfigurations and vulnerabilities in business networks. We can help your business find and repair security vulnerabilties in your infrastructure before they become sites for cyberattack. Call us at +1 888 366 4443 or email us at email@example.com to get started with a consultation today.