Microsoft exposed a Customer Support Database that contains logs of conversations between Microsoft support agents and customers all over the world.
Nearly 250 million records leaked, and the leaked account information spans a 14-year period from 2005 to December 2019.
All of the exposed data was accessible to anyone with a web browser; no username or password was required.
Five Elasticsearch Servers Uncovered
The Elasticsearch servers were uncovered by Comparitech security researcher Bob Diachenko, “each of which contained an identical set of the 250 million records.”
Diachenko reached out to Microsoft, and the exposed data was secured by Microsoft within 24. It is unclear whether any third parties gained access to the database at the time.
The following details were exposed: customer email addresses, IP addresses, locations, descriptions of CSS claims and cases, Microsoft support agent emails, case numbers, resolutions, and remarks, and internal notes marked as “confidential”.
The exposed data can be used by tech support scammers to contact users while posing as Microsoft support.
Microsoft also released an investigation report stating that the leak occurred due to “a misconfiguration of an internal customer support database used for Microsoft support case analytics.”
The company also confirms that the exposure was limited, as the “majority of records were cleared of personal information by our standard practices.”
“We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence,” Microsoft said.