Last week, Microsoft announced that they fell victim to a data breach involving one of its customer databases. They state in a January 22nd blog article:
Our investigation has determined that a change made to the database’s network security group on December 5, 2019, contained misconfigured security rules that enabled exposure of the data. Upon notification of the issue, engineers remediated the configuration on December 31, 2019, to restrict the database and prevent unauthorized access. This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services.
This means that for 26 days, a database used for support case analytics was visible in plain text to anyone with a web browser. No password or authentication was required for anyone wishing to gain access. While Microsoft didn’t share details about how big the database was, Comparitech, who discovered the vulnerability, states that the database was found to contain about 250 million records containing conversation logs between Microsoft support agents and customers from all over the world spanning a period from 2005 to December 2019. It was unclear whether this unsecured data was accessed or used maliciously. However, information included in the breach consists of customer email addresses, IP addresses, locations, descriptions of CSS claims and cases, Microsoft support agent emails, case numbers, resolutions, remarks, and internal notes marked as “confidential.”
Microsoft hasn’t released information about just how many users were affected but promises to reach out to those affected to offer protection tips. Unfortunately, in cases like these, it is common for criminals to pose as Microsoft or other legitimate businesses falsely informing victims that they were affected by the breach and offering to “fix” the problem. In doing so, they’ll request that victims click on a link and “log in” or “confirm their account,” which in turn provides the criminals with your login credentials.
References
{{component-cta-custom}}