After the change to the customer’s database, some of the sensitive information obtained with the help of Microsoft was freely accessible in-direct text over the Internet. It is said to have recorded about 250 million call centre records over the last 14 years.
Microsoft now revealed in a blog post. It says the company had unauthorized access to its customer support database. The trigger was a misconfiguration of the database, which, for some 250 million users, included contact data and internal Microsoft notes.
The data leak was discovered by an external security researcher: Bob Dyachenko’s team discovered this database in late December and reported it to Microsoft. There he quickly assumed that public access had been cancelled.
According to Microsoft, the database containing the supporting documentation was incorrectly configured on December 5, which was noticed only three weeks later. The software giant has now completed an investigation into the incident, it states in a blog post and continues:
“Although this investigation did not identify any abusive use and most users did not disclose any personal data What we do not want is to make this incident transparent – to assure all users and to them that we take it very seriously and feel responsible for it.
In the media, however, the data leak and its results are presented in a very different way: as stated, some data in the database was stored in plain text. It is said to contain information such as email addresses of customers and support staff, IP addresses, locations, case numbers and secret entry notes.
This information came from the investigating team who reported the problem. All of this customer data can be used by malicious actors accordingly, for example, Microsoft now specifically pretends to be Microsoft Support employees to deceive customers.
An increase in support scams is now feared, which could be fed with the original data of the customers.
In the media, however, the data leak and its results are presented in a very different way: as stated, some data in the database was stored in plain text. It is said to contain information such as email addresses of customers and support staff, IP addresses, locations, case numbers and secret entry notes.
This information came from the investigating team who reported the problem. All of this customer data can be used by malicious actors accordingly, for example, Microsoft now specifically pretends to be Microsoft Support employees to deceive customers.
Intel Tiger Lake processor new U GeekBench running points exposure: single-core 1400 tie 3950X
Microsoft is working on a new tool for the PowerToys system
The wait of users is near to over because of a few days left for…
A short video has surfaced with an alleged PlayStation 5 loading screen and a user…
It is not wrong to say that the first leak of the A14 bionic benchmark…
The EU is currently studying a proposal to reform digital markets and data sharing methods.…
Only a few weeks left for the official announcement of the iPhone 12. The source…
A well-known analyst has already shared a lot of information about the iPhone models that…
View Comments
Such news always makes you think about what information about yourself to share on the Internet, in e-mails or electronic transaction services. Fortunately, this leak didn’t get any worse. The most important asset of the various ISPs is trust, and any leaks will undermine that trust.