Microsoft accidentally exposed nearly 250 million Customer Service and Support records on the web. The records contained logs of conversations between Microsoft and customers from all over the world. The data spans a 14-year period from 2005 to December 2019. All of the data was left accessible to anyone with a web browser, with no password or other authentication needed.

The Comparitech security research team led by Bob Diachenko uncovered five Elasticsearch servers, each of which contained an apparently identical set of the 250 million records. Diachenko immediately notified Microsoft upon discovering the exposed data, and Microsoft took swift action to secure it. Despite swift action from Microsoft, the data was exposed for 25 days during the holidays.

The information exposed includes customer email addresses, IP addresses and physical locations, descriptions of customer service claims and cases, case numbers, resolutions and remarks, and internal notes marked "confidential". This information, which is in plain text, is pretty much all you need for a full-scale fraud attack, as Paul Bischoff explains in his post. Microsoft has begun reaching out to the millions of customers affected and, in its official response to the incident, urges users to stay alert should anyone contact them under the guise of being a representative from Microsoft.

With this error, some are questioning the security measures in place at Microsoft. Fausto Oliveira, principal security architect at Acceptto, gave this statement to Threatpost: