Skip to main content

Posts

Showing posts from January 23, 2020

Serious breach at Microsoft Customer Support, 250 Million Records Exposed Online

If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers. According to Bob Diachenko, a cybersecurity researcher who spotted the unprotected database and reported to Microsoft, the logs contained records spanning from 2005 right through to December 2019. In a blog post, Microsoft  confirmed  that due to misconfigured security rules added to the server in question on December 5, 2019, enabled exposure of the data, which remained the same until engineers remediated the configuration on December 31, 2019 Microsoft also said that the database was redacted using automated tools to remove the personally identifiable informat...