Serviceteam IT Security News

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection

More than 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection and a browser could have accessed the data.

The same set of 250 million records was stored on five Elasticsearch servers, which were spotted by Comparitech’s security researcher Bob Diachenko and his team on December 29th. They immediately notified Microsoft, which secured the data and started an investigation within two days.

Microsoft apologized for the incident and was quick to assure users that it had detected no malicious use of the leaky servers. The tech giant has also been in the news of late for other reasons, notably a severe vulnerability in Windows and a zero-day flaw in Internet Explorer.

What data?

The records comprised logs of exchanges between Microsoft’s customer support and its customers, spanning a 14- year period from 2005 to 2019.

While most of the sensitive information that was personally identifiable, such as payment information, was redacted, there were still a lot of records that were in plain-text form. The latter included IP addresses, locations, and internal notes which were marked “confidential”, customer email addresses, descriptions of customer service support claims and cases, Microsoft support agent emails, case numbers, resolutions, and remarks.

The cause?

The investigation revealed that the culprit was a change in the database’s network security group, which contained misconfigured security rules.

Such misconfigurations are not a rare occurrence, and we recently reported on a data leak that exposed birth certificate applications. Indeed, Microsoft echoed this very sentiment in a blog addressing its customers:

“Misconfigurations are unfortunately a common error across the industry. We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. As we’ve learned, it is good to periodically review your own configurations and ensure you are taking advantage of all protections available.”

Another data leak involving a misconfigured Elasticsearch server affected nearly all of Ecuador’s population a few months ago.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!