How Microsoft’s Newest Data Breach Affects You

Microsoft announced that it fell victim to a data breach involving one of its customer databases. See how this can affect you and how to stay safe.

Last week, Microsoft announced that it fell victim to a data breach involving one of its customer databases. The company stated in a January 22nd blog article:

Our investigation has determined that a change made to the database’s network security group on December 5, 2019, contained misconfigured security rules that enabled exposure of the data. Upon notification of the issue, engineers remediated the configuration on December 31, 2019, to restrict the database and prevent unauthorized access. This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services.

Microsoft [2]

This means that for 26 days, a database used for support case analytics was visible in plain text to anyone with a web browser. No password or authentication was required to gain access. Microsoft didn’t share details about how big the database was, but Comparitech, which discovered the vulnerability, states that the database contained about 250 million records of conversation logs between Microsoft support agents and customers from all over the world, spanning a period from 2005 to December 2019. It was unclear whether this unsecured data was accessed or used maliciously. However, the information included in the breach consists of customer email addresses, IP addresses, locations, descriptions of CSS claims and cases, Microsoft support agent emails, case numbers, resolutions, remarks, and internal notes marked as “confidential.”

How does this affect me?

Microsoft hasn’t released information about just how many users were affected but promises to reach out to those affected to offer protection tips. Unfortunately, in cases like these, it is common for criminals to pose as Microsoft or other legitimate businesses, falsely informing victims that they were affected by the breach and offering to “fix” the problem. In doing so, they’ll request that victims click on a link and “log in” or “confirm their account,” which in turn hands the victims’ login credentials to the criminals.

How can I stay safe?

  • If you’re contacted by phone or by email by someone claiming to be from Microsoft, make sure you’re actually hearing from Microsoft and that it isn’t a criminal posing as Microsoft instead. You can do this by visiting Microsoft’s website directly, not the site provided in the email or by phone.
  • Do not click on any links, call any phone numbers, or take any other online actions demanded in a security alert email until you have confirmed directly with the source that the alert is legitimate.
  • Install browser protection. Products like Guardio scan each website that you visit to ensure that it’s safe. If something malicious is found, the site is immediately blocked before any damage is done. This way, if you should receive that scam email and be fooled into clicking on the link, you’ll be alerted before you’ve inadvertently shared your personal information with criminals.
  • Use an account monitoring service. Guardio also offers account monitoring, which can alert you of account breaches so that you can take action to safeguard your accounts before criminals have had a chance to wreak havoc on your accounts, credit cards, and identity.

References

Microsoft

Comparitech

Guardio Security Team
Guardio’s Security Team researches and exposes cyber threats, keeping millions of users safe online. Their findings have been featured by Fox News, The Washington Post, Bleeping Computer, and The Hacker News, making the web safer — one threat at a time.