Vulnerabilities

Microsoft Disclose a Security Breach Affecting One of Their Own Customer Support Databases

While security breaches are common, the latest report relates to the tech giant Microsoft. Reportedly, Microsoft has disclosed a security breach that affected one of its Customer Support databases. The problem happened because of a misconfiguration of the database that exposed stored records.

Microsoft has recently revealed a security breach involving a Customer Support database.

The tech giant became aware of the problem when the exposed database caught the attention of security researcher Bob Diachenko. As stated in another blog post, Diachenko discovered the exposed database having around 250 million records. The exposed details did not include any sensitive personal information. However, it did include conversation logs.

Specifically, the exposed records included customers’ email addresses, locations, IP addresses, CSS claims and cases, support representative emails, case numbers, remarks and resolutions, and internal confidential notes.

Any personally identifiable information was already redacted from the records.

Following Diachenko’s report, Microsoft swiftly worked to fix the flaw on the New Year eve. Recently, they have shared details about the incident in a post shared by Ann Johnson, Corporate Vice President – Cybersecurity Solutions Group, and Eric Doerr, GM Microsoft Security Response Center.

As stated in their post,

In brief, the problem occurred on December 5, 2019, following a misconfiguration of security rules by network security.

You Might Also Like