Microsoft assured the public that most of its sensitive data is automatically redacted. However customer email addresses were leaked to the public.

Diachenko discovered that Microsoft’s internal customer support data was available to the public on Elasticsearch servers. Diachenko found 250 million records of customer support data. The discovered data included logs of customer support tickets since 2005. Data in the logs included emails of both the customer support agents and customers. It also included IP addresses and geographic locations. However, Diachenko could not confirm whether the data was actually accessed by unauthorized individuals, only that it was available to be accessed without needing any credentials.

Microsoft states that the leak is not indicative of a lack of security on its Azure servers. It assured the public that it has many solutions available to prevent these cloud misconfigurations from occurring, but that these were not implemented on its own internal customer support system.

In response to the misconfiguration, Microsoft stated that it will employ several additional security measures to ensure that it does not occur again. These include conducting an official audit of its internal systems, adding stricter information redaction, and increasing its efforts to detect misconfigurations and alerts.

Don’t fall victim to data misconfigurations. Our team of cybersecurity experts have years of experience in identifying potential misconfigurations and vulnerabilities in business networks. We can help your business find and repair security vulnerabilties in your infrastructure before they become sites for cyberattack. Call us at +1 888 366 4443 or email us at info@gige.ca to get started with a consultation today.

The post Microsoft Exposed 250 Million Customer Support Logs appeared first on GIGE IT Solutions: IT Services Mississauga.