Microsoft has announced that one of its databases has been accidentally exposed online. The database could be accessed over the internet without the need for authentication.
The database was found by security researchers at Comparitech, who reported the security issue to Microsoft. Microsoft immediately secured the database and launched an investigation to determine how long the data had been exposed and whether it had been accessed by unauthorized individuals.
According to Comparitech, the data could be accessed on five Elasticsearch servers and contained approximately 250 million records. The database contained logs of conversations between customers and Microsoft support agents between 2005 and December 31, 2019.
In a January 22, 2019 blog post, Microsoft explained that the database was exposed as a result of a misconfiguration of the security rules by the network security group responsible for the database on December 5, 2019. The database was therefore exposed online for 26 days. Microsoft explained that the database was used for support case analytics. It was an internal database and an isolated incident. Its commercial cloud services were not affected.
Sensitive personal information had been redacted from the database using Microsoft’s automated tools. Those tools removed the majority of personal information, but some information remained in the database if certain conditions were met. For instance, if an email address included a space, the tool would not have recognized it as such, and the email address would not have been removed.
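The redaction gap described above, shown as an added example (not Microsoft's tooling and not part of the original article): a strict e-mail pattern misses an address that contains a space, while a whitespace-tolerant pattern combined with a fail-closed check for any leftover "@" catches it. The patterns, the function name and the log lines are constructed for illustration.

```python
import re

# Strict pattern (assumed, typical of a simple redactor): no whitespace allowed.
STRICT_EMAIL = re.compile(
    r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)

# Tolerant pattern: also accepts spaces or tabs on either side of the "@".
TOLERANT_EMAIL = re.compile(
    r"[A-Za-z0-9._%+-]+[ \t]*@[ \t]*[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)

# Constructed support-log lines; example.com is a reserved documentation domain.
SAMPLE_LOG = "\n".join([
    "Customer: alice@example.com reported login failure",
    "Customer: bob @example.com cannot activate product",
    "Customer: carol@example .com has a billing question",
])


def redact_and_flag(text, pattern):
    """Redact matches, then list the line numbers that still contain '@'.

    The second step is a fail-closed residual check: any '@' that survives
    redaction is treated as a possible malformed address and held back for
    review instead of being published to the analytics store.
    """
    redacted = pattern.sub("[EMAIL]", text)
    flagged = [
        number
        for number, line in enumerate(redacted.splitlines(), start=1)
        if "@" in line
    ]
    return redacted, flagged


if __name__ == "__main__":
    for name, pattern in (("strict", STRICT_EMAIL), ("tolerant", TOLERANT_EMAIL)):
        redacted, flagged = redact_and_flag(SAMPLE_LOG, pattern)
        print(f"--- {name} pattern, lines held for review: {flagged}")
        print(redacted)
```

No single pattern covers every malformed address (the third line slips past both), which is why the residual check matters more than the pattern itself.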
Notifications have been sent to all customers whose personal information was present in the database. Microsoft has not disclosed how many individuals had their personal information exposed. Microsoft says it found no evidence to indicate anyone other than Comparitech found the database, but unauthorized access cannot be ruled out.
Any individual who contacted Microsoft for support between 2005 and 2019 should be alert to the possibility of phishing attacks seeking personal information. If you receive any email related to the breach, do not open any email attachments or click hyperlinks in the message body.