Microsoft might want to reverse time and go back to 2019, because 2020 hasn’t been good in the cybersecurity or PR departments.
According to consumer research group Comparitech, about 250 million customer service and support records have been exposed on the internet. These contain logs of conversations between Microsoft support staff and customers from all over the globe from 2005 right up until last month.
“All of the data was left accessible to anyone with a web browser, with no password or other authentication needed,” Comparitech said in a blog post.
Five Elasticsearch servers were uncovered by the team — led by Bob Diachenko — and each of the servers contained an identical set of the 250 million records. Microsoft was immediately notified.
Comparitech said the data was exposed for two days before the issue was discovered and Microsoft was alerted.
Customer email address, IP addresses, locations, the nature of support claims and cases, confidential internal notes, support staff emails, case numbers, resolutions and remarks.
Read Next: NSA Reportedly Notifies Microsoft Of Major Windows Security Vulnerability
Comparitech released a timeline of the events:
- Dec. 28, 2019 – The databases were indexed by search engine BinaryEdge
- Dec. 29, 2019 – Research team discovers the databases and immediately notified Microsoft.
- Dec. 30-31, 2019 – Microsoft secured the servers and data. Diachenko and Microsoft continued the investigation and remediation process.
- Jan. 21, 2020 – Microsoft disclosed additional details about the exposure as a result of the investigation.
Despite most personal information being redacted from the records, the exposure could help give a boost to support scammers.
Using detailed logs and case information, scammers can impersonate Microsoft staff and use it in phishing attacks or to take control of a user’s device.
Comparitech warns Windows and users of other Microsoft products to be aware of scams via phone and email and other common tactics hackers like to use. Microsoft doesn’t reach out to users for their tech problems, ask for your password or have you install remote desktop applications.
