Microsoft exposes 250 million customer records2020-01-22 17:32 by Daniela
Microsoft disclosed a security breach caused by a misconfigured internal customer support database that led to the accidental exposure of roughly 250 million customer support and service records, some of them containing personally identifiable information.
The database was storing anonymized user analytics and was accidentally exposed online between December 5 and December 31. Microsoft said the issue was specific to the support database and does not reflect an exposure of its commercial cloud services. Per company policy, information stored in the database was redacted to remove personal information, Microsoft said.
"Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices," Microsoft wrote in a blog post. "In some scenarios, the data may have remained unredacted if it met specific conditions."
This presents not just a phishing risk but a valuable collection of data for tech support scammers who impersonate call center agents from Microsoft and other companies to install malware on victim machines and steal financial data.
Read more -here-