top of page

Microsoft Disclose a Security Breach Affecting One of Their Own Customer Support Database

While security breaches are common, the latest report relates to the tech giant Microsoft. Reportedly, Microsoft has disclosed a security breach that affected one of its Customer Support databases. The problem happened because of a misconfiguration of the database that exposed stored records.

Microsoft Database Breach Discovered

Microsoft has recently revealed a security breach involving a Customer Support database.

The tech giant became aware of the problem when the exposed database caught the attention of security researcher Bob Diachenko. As stated in another blog post, Diachenko discovered the exposed database having around 250 million records. The exposed details did not include any sensitive personal information. However, it did include conversation logs.

"The records contained logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019."

Specifically, the exposed records included customers’ email addresses, locations, IP addresses, CSS claims and cases, support representative emails, case numbers, remarks and resolutions, and internal confidential notes.

Any personally identifiable information was already redacted from the records.

Microsoft Confirmed The Breach

Following Diachenko’s report, Microsoft swiftly worked to fix the flaw on the New Year eve. Recently, they have shared details about the incident in a post shared by Ann Johnson, Corporate Vice President – Cybersecurity Solutions Group, and Eric Doerr, GM Microsoft Security Response Center.

As stated in their post,

"Misconfigurations are unfortunately a common error across the industry. We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database."

In brief, the problem occurred on December 5, 2019, following a misconfiguration of security rules by network security.

Nonetheless, they assured that the incident only happened to Microsoft’s internal database without affecting cloud services.

"This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services."

They clarified that some PII data might be present in the exposed details following certain circumstances, such as misformatted email addresses. Hence, Microsoft has investigated such data and will inform the affected users.

They have also acknowledged the researcher for the prompt discovery, while Diachenko appreciated the swift action from the tech giant.



bottom of page