Microsoft was involved in a data breach with millions of customer service and support records exposed.
The report was revealed by the Comparitech security research team, published on January 22. Paul Bischoff from Comparitech security research team says that it took place over the new year.
The records contained all the conversations between Microsoft’s customer support agents and customers through 14 years from 2005 to December 2019.
The data was found in five different servers – each containing identical data for 250 million records. The data included personal details that could help identify an individual. Luckily Diachenko, one of the research team’s members, says — “email aliases, contact numbers, and payment information—was redacted.”
But still, most of the data including Customer email addresses, IP addresses, Locations, Descriptions of CSS claims and cases, Microsoft support agent emails, Case numbers, resolutions, and remarks and even Internal notes marked as “confidential,” were in plain text.
These plain text data could prove beneficial to tech support scammers, says Paul. “… the dangers of this exposure should not be underestimated.”
Microsoft has already patched the issue securing the servers and data by December 31.
In a report published by the American tech giant, there were changes made to the database’s network security group in early December last year that contained misconfigured security rules.
The company clarifies that it did not affect its commercial cloud servers, clearing the air on the security of its enterprise customers.
Measures have already been taken to ensure to prevent future occurrences, says the company.