Microsoft Data Breach leaves 250 Million Records Exposed
Microsoft has confirmed that a data breach has led to the exposure of 250 million records that can be accessed by anyone through a web browser. Microsoft in a blog post said that an internal database was exposed due to some misconfigured security rules between 05 and 31 December 2019.
Security researcher Bob Diachenko spotted the loophole and reported it on 29 December 2019. The Microsoft officials were busy securing the database as everyone else was celebrating the start of a new year.
Despite Microsoft having not leaked the number of consumers affected, Comparitech said that around 250 million customer service and support records were exposed. Comparitech said the database comprised of logs between consumers and Microsoft customer service from 2005.
Surprisingly, the data was not password-protected or required any authentication. This enabled anyone to look through the details just with the help of an Internet connection. However, Microsoft said that as part of their standard procedure of deleting stored personal information with the help of automated tools, they redacted most of the data.
However, Microsoft concurred and Diachenko also told Comparitech that some information was exposed as many records had a plain text. The information included customer emails, agent emails, locations, IP addresses, case numbers, and remarks and notes on the case.
Meanwhile, Microsoft said that they have already started notifying the customers about the data breach. They also mentioned that they have put security practices that will help prevent any future security rule misconfigurations.
The Windows users must be vigilant at all times as even some crooks can use the exposed information and claim to be a customer agent of Microsoft. Microsoft secured its database and also checked other databases for any security loophole.
What’s your comment on this recent breach of Microsoft?