Click For Photo: https://regmedia.co.uk/2016/07/19/data_breach_shutterstock.jpg
Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019.
On 28 December 2019, these databases were found by BinaryEdge, which crawls the internet looking for exposed data. This was then picked up by security researcher Bob Diachenko, who reported the problem to Microsoft.
Microsoft - Databases - December - Praise - Diachenko
Microsoft secured the databases over 30-31 December, winning praise from Diachenko for "quick turnaround on this despite [it being] New Year's Eve".
That is cold comfort for customers whose data was exposed. What has been picked up by security researchers may well also have been found by criminals.
Data - Logs - Customer - Service - Support
What data was published? These are logs of customer service and support interactions between 2005 and now. The good-ish news is that "most of the personally identifiable information — email aliases, contract numbers, and payment information—was redacted", according to Comparitech. However, a subset contained plain-text data including email addresses, IP addresses, case descriptions, emails from Microsoft...
Wake Up To Breaking News!