Skip to main content

Microsoft customer support database exposed online

Microsoft October 2 event
(Image credit: StockStudio / Shutterstock)

Microsoft has disclosed a security breach where an internal customer support database was exposed online last month.

The software giant provided further details on the security breach in a blog post in which it said that the database was storing anonymized user analytics and was accidentally exposed online between December 5 and December 31.

Security researcher at Security Discovery, Bob Diachenko first discovered the database and reported it to Microsoft. The company quickly secured the exposed database on the same day he reported the issue, despite the fact that he did so on New Year's Eve.

According to Diachenko, the customer support database contained a cluster of five Elasticsearch servers that are used to help simplify search operations. All five servers stored the same data as they appear to be mirrors of each other.

Exposed database

The servers storing Microsoft's customer support database contained almost 250m entries including information such as email addresses, IP addresses and support case details. Thankfully though, most of the records did not contain any personal user information according to the company's blog post, which reads:

“As part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information. Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices. In some scenarios, the data may have remained unredacted if it met specific conditions. “

If users filed out customer support requests using non-standard formatted data, then that data was not detected and redacted but remained in the exposed database. Microsoft has already begun notifying impacted customers though the company has “found no malicious use” of the data.

According to the company, the accidental server exposure was the result of misconfigured Azure security rules it deployed on December 5 which have now been fixed.

Via ZDNet