WindiLeaks: Microsoft exposes 250 million customer support records dating back to 2005. (Not on purpose though) | 1/22/2020 | Staff
shardonayshardonay (Posted by) Level 3
Click For Photo:

Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019.

On 28 December 2019, these databases were found by BinaryEdge, which crawls the internet looking for exposed data. This was then picked up by security researcher Bob Diachenko, who reported the problem to Microsoft.

Microsoft - Databases - December - Praise - Diachenko

Microsoft secured the databases over 30-31 December, winning praise from Diachenko for "quick turnaround on this despite [it being] New Year's Eve".

That is cold comfort for customers whose data was exposed. What has been picked up by security researchers may well also have been found by criminals.

Data - Logs - Customer - Service - Support

What data was published? These are logs of customer service and support interactions between 2005 and now. The good-ish news is that "most of the personally identifiable information — email aliases, contract numbers, and payment information—was redacted", according to Comparitech. However, a subset contained plain-text data including email addresses, IP addresses, case descriptions, emails from Microsoft...
(Excerpt) Read more at:
Wake Up To Breaking News!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!