Tech giant Microsoft has accepted that data of it’s 250 Million users was leaked. The fact is surfaced as a result of a research conducted by Comparitech security research team. The reserach said that 250 million Customer Service and Support records were exposed on the web.
Microsoft while accepting the data breach blamed it on misconfiguration. The tech giant said, ” misconfiguration of an internal customer support database’ has caused the data leak. A change made to the database’s network security group on 5 December 2019, which contained misconfigured security rules enabled exposure of the data as per Microsoft.
The database contained conversations between Microsoft support agents and customers of 14 years. Most of the leaked data like “emails, contact numbers, and payment information” was redacted says the reserach.
However, a large portion of the leaked data reportedly was also in plain text. This includes IP addresses, locations, Microsoft support agent emails, case numbers, resolutions, remarks and internal notes marked as “confidential”.
Microsoft published a blog this Tuesday (21st January,2020) accepting the data breach. This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services, said the blog.
Microsofts assures that it has noted the mistake on time and has fixed the vulnerability as of 31st December 2019.
Inputs from Tech2