Microsoft admits a data leak of around 250 million users

Microsoft admits a data leak of around 250 million users after customer service and support records were exposed.

Microsoft admits a data leak. There has been a data breach of 250 million Microsoft users that have been brought to light by the Comparitech security research team, which is led by Bob Diachenko. Researchers have found out that around 250 million Customer Service and Support records were exposed on the web.

Microsoft has shown acknowledgment of the data breach by saying that it was due to the ‘misconfiguration of an internal customer support database’ that the company uses for tracking support cases. This would include logs of conversations between Microsoft support agents and customers of around 14 years.

Microsoft has said that it would fix the vulnerability on 31st Dec, 2019.

What Do The Researches Say?

Several researches reveal that most of the leaked data like that of emails, contact numbers, and payment information were redacted. But, a large portion of the leaked data was reportedly also in plain text, which wasn’t limited to customer email addresses, IP addresses, locations, Microsoft support agent emails, case numbers, resolutions, remarks, and internal notes marked as ‘confidential’.

Recently, Microsoft published a blog where it admitted the data breach. Microsoft had also revealed that this breach was caused by a change that was made to the database’s network security group on December 5th 2019. This contained misconfigured security rules that enabled exposure of the data. 

Ann Johnson, corporate vice president, Cybersecurity Solutions Group at Microsoft said that the investigation “found no malicious use”. “Although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and hold ourselves accountable,” 

Recent Data Breaches

Some of the recent data breaches that shook India were SBI, when it left its server without any password protection. Alo, more than 1.3 million credit and debit cards from Indian banks were spotted for sale in October. Facebook too wasn’t ticked off the list. Facebook user passwords were exposed to the entire world, and also available in plain sight. “We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.”


If you have an interesting article / experience / case study to share, please get in touch with us at editors@expresscomputeronline.com

datadata breachesMicrosoftNewsTech
Comments (1)
Add Comment
  • Albin

    The best customer support is only achieved with 24/7 availability and promptness of the responses. Build the best AI chatbot and streamline your customer service.