250 million Microsoft customer records that date back to 2005 have been exposed in a huge data breach.
The data came from Microsoft customer report incidents and were exposed on 30th and 31st December 2019. They included logs of interactions from service and support that had been made from 2005 to now.
Researcher Bob Diachenko found the problem through BinaryEdge, a site that searches the web for exposed data. The issue was then reported to Microsoft once discovered who quickly secured the database.
Is the data safe?
Despite the swift action from the software giant, there was still enough time for cybercriminals to pick up on any exposed data.
Though with this in mind, Comparitech, a tech research firm, has stated: “most of the personally identifiable information — email aliases, contract numbers, and payment information—was redacted”,
However, there were also reports that a subset of the information contained plain text data from emails, IP addresses and case numbers, amongst other information. It is not yet known how many records had identifiable information on them.
Should people worry?
Ekaterina Khrustaleva, COO of web security company ImmuniWeb, doesn’t think there is too much to worry about in the breach. She says: “Assuming the data was not exploited by malicious actors as per the official statement, there is not much practical risk so far. However, it is impossible to say whether the information from this server, or other presumably existing servers, has ever been detected and stolen by cybercriminals.”
The COO adds: “Many large companies and not only Microsoft have lost visibility of their external attack surface, exposing their clients and partners to significant risks. We will likely see a multitude of similar incidents in 2020.”