Jump to content

Microsoft Accidentally Exposed Data of 250 Million Users; Why Aren't We Shocked Anymore?


Spartan

Recommended Posts

Big tech companies really cannot keep a lid on the big jar they keep our data in? We are barely into 2020, and Microsoft has admitted that it ‘accidentally’ made the service and support records of more than 250 million customers accessible to anyone with a web browser and connected to the world wide web. Albeit this was temporary. And it was because of a database error. Microsoft takes pains to insist that no personally identifiable information was exposed and that their investigations do not suggest any malicious use of the data that was left available to anyone on the world wide web.

“Our investigation has determined that a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data. Upon notification of the issue, engineers remediated the configuration on December 31, 2019 to restrict the database and prevent unauthorized access. This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services,” says the official statement released by the Microsoft Security Response Center.

For Microsoft, this is the second major data security incident in the past year. In April 2019, the company had confirmed that hackers had accessed the customer support system and gotten their hands-on email accounts of some of its users.

With regards to the latest incident, the Comparitech security research team led by Bob Diachenko had discovered that the data was exposed on five Elasticsearch servers, each of which contained an apparently identical set of the 250 million records. They believe that the data which was temporarily exposed included the email addresses of customers, their IP addresses, location data as well as case numbers and possible resolutions.

Link to comment
Share on other sites

@k2s  @psycopk  what is this.

Our investigation has determined that a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data.

Link to comment
Share on other sites

Just now, jbourne said:

Eroje mail ochchindii edo azure billing databases are exposed to internet no need to worry ani. 

hmm...They believe that the data which was temporarily exposed included the email addresses of customers, their IP addresses, location data as well as case numbers and possible resolutions.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...