Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

250 Million Microsoft Customer Support Records Exposed Online

January 23, 2020
in Internet Privacy
250 Million Microsoft Customer Support Records Exposed Online
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised.

Microsoft today admitted a security incident that exposed nearly 250 million “Customer Service and Support” (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers.

You might also like

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

What Does It Take To Be a Cybersecurity Researcher?

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

According to Bob Diachenko, a cybersecurity researcher who spotted the unprotected database and reported to Microsoft, the logs contained records spanning from 2005 right through to December 2019.

In a blog post, Microsoft confirmed that due to misconfigured security rules added to the server in question on December 5, 2019, enabled exposure of the data, which remained the same until engineers remediated the configuration on December 31, 2019.

Microsoft also said that the database was redacted using automated tools to remove the personally identifiable information of most customers, except in some scenarios where the information was not the standard format.

“Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices,” Microsoft said.

However, according to Diachenko, many records in the leaked database contained readable data on customers, including their:

  • email addresses,
  • IP addresses,
  • Locations,
  • Descriptions of CSS claims and cases,
  • Microsoft support agent emails,
  • Case numbers, resolutions, and remarks,
  • Internal notes marked as “confidential.”

“This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services,” Microsoft said.

By having real sensitive case information and email addresses of affected customers in hand, the leaked data could be abused by tech-support scammers to trick users into paying for non-existent computer problems by impersonating Microsoft support representatives.

“This is a fairly common type of hack. Overly permissive permissions abound on servers and cloud products all over the Internet,” said Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist told The Hacker News.

“Having worked for Microsoft for 15 years, 11 years as a full-time employee, I’ve seen firsthand how much they try to fight scenarios like this. There are multiple layers of controls and education designed to stop it from happening. And it shows you how hard it is to prevent it 100% of the time. Nothing is perfect. Mistakes and leaks happen. Every organization has overly permissive permissions. Every! It’s just a matter of if someone outside the organization discovers it or if someone takes advantage of it,” Grimes added.

“In this case, as bad as it is, it was discovered by someone who didn’t do malicious things with it. Sure, the data, sitting unprotected, could have also been used by the bad guys, but so far, no one has made that case or provided evidence that it has been used maliciously.”

“Anyone can have a mistake. The most important question is how the mistake happened and how to prevent it from happening next time, and if any others could have happened from the same set of circumstances.”

As a result of this incident, the company said it began notifying impacted customers whose data was present in the exposed Customer Service and Support database.


Credit: The Hacker News By: noreply@blogger.com (Wang Wei)

Previous Post

A Realistic Framework for AI in the Enterprise

Next Post

Coalition acquires IoT search engine BinaryEdge

Related Posts

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
Internet Privacy

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

April 13, 2021
What Does It Take To Be a Cybersecurity Researcher?
Internet Privacy

What Does It Take To Be a Cybersecurity Researcher?

April 12, 2021
Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
Internet Privacy

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

April 12, 2021
Hackers Tampered With APKPure Store to Distribute Malware Apps
Internet Privacy

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021
[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business
Internet Privacy

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

April 10, 2021
Next Post
Coalition acquires IoT search engine BinaryEdge

Coalition acquires IoT search engine BinaryEdge

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Bug bounties: More hackers are spotting vulnerabilities across web, mobile and IoT
Internet Security

Critical security alert: If you haven’t patched this old VPN vulnerability, assume your network is compromised

April 13, 2021
Epoch and Map of the Energy Transition through the Consensus Validator
Data Science

Epoch and Map of the Energy Transition through the Consensus Validator

April 13, 2021
Bitcoin mining in China could threaten climate policies, new study shows
Blockchain

Bitcoin mining in China could threaten climate policies, new study shows

April 13, 2021
Artificial Intelligence Research at Duke
Machine Learning

Artificial Intelligence Research at Duke

April 13, 2021
Learning Not To Fear Machine Learning | by Dimitry Belozersky | Apr, 2021
Neural Networks

Learning Not To Fear Machine Learning | by Dimitry Belozersky | Apr, 2021

April 13, 2021
Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Critical security alert: If you haven’t patched this old VPN vulnerability, assume your network is compromised April 13, 2021
  • Epoch and Map of the Energy Transition through the Consensus Validator April 13, 2021
  • Bitcoin mining in China could threaten climate policies, new study shows April 13, 2021
  • Artificial Intelligence Research at Duke April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates