Microsoft Exposed 250 Million Customer Support Records:
Nearly 250 million Microsoft Customer Service and Support (CSS) records were found exposed to the Internet in five insecure Elasticsearch databases, Comparitech reports.
The records on those servers contained 14 years' worth of logs of conversations between support agents and customers, all of which could be accessed by anyone directly from a browser, without any form of authentication.
Each of the five Elasticsearch servers contained an apparently identical set of records, with data spanning between 2005 and December 2019, Comparitech's security researchers reveal.
While most of the personal information in those records was redacted, many records contained plain text data.
Exposed data in those records included customer email addresses, IP addresses, locations, descriptions of CSS claims and cases, Microsoft support agent emails, internal notes marked as "confidential," and case numbers, resolutions, and remarks, the researchers say.
"I immediately reported this to Microsoft and within 24 hours all servers were secured," security researcher Bob Diachenko, who led the Comparitech team, explains.
The data was exposed to the Internet for around two days before Microsoft secured the servers. The databases were indexed by search engine BinaryEdge on December 28, 2019, Diachenko discovered them the next day and notified Microsoft, and the company secured the servers on December 30.
(Score: 5, Insightful) by Gaaark on Friday January 24 2020, @12:29PM (2 children)
don't let friends use Microsoft products!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Friday January 24 2020, @09:40PM (1 child)
I started charging a minimum of $20 every time my friends fucked up Windows and asked me to fix it.
(Score: 3, Insightful) by stormreaver on Friday January 24 2020, @10:12PM
I tell everyone who asks that I don't, and won't, support Windows. They quickly stopped asking, and life became happier.