The company claims that the leak occurred by mistake and that the security hole was closed in just 48 hours.
New scare for all who are Microsoft customers, because we have just learned that there has been a massive new leak of data that has to do with the conversations that the members of the company’s technical support have with their customers. 250 million records that have to do with support and assistance calls, and personal data that have been accessible to any user with a browser in their hands.
The vulnerability was discovered on December 29, 2019 and those responsible for making it known to the company were security researcher Bob Diachenko and the company Comparitech . According to the Redmond-based company, the problem was corrected just two days later and to everyone’s peace of mind, they have warned that they have no record of being used in a “malicious” way. This, as always, it is advisable to put it in quarantine, lest any day we get a surprise
The fault was of an “incorrect configuration”
That speed to stop the filtration took place, according to Microsoft, after an error in the “incorrect configuration” of one of its internal customer support databases . Leak that not only affected US customer conversations but from many other countries where those of Redmond have a presence.
Such was the error that Comparitech revealed that the database leaked on the Internet was not even protected with a password and that both emails and IP addresses of customers were stored in plain text. Something that seems impossible that can happen in these times where security is one of the main concerns of the leading technology. Even so, Microsoft has acknowledged that the “vast majority” of filtered personal data has already been deleted.
All of the above comes to mean that, if this database had fallen – remember that we are talking about 250 million – in the hands of hackers , they could have quickly used them to impersonate the personality of customers before Microsoft’s technical service to get all kinds of products and services. This has led Redmond to warn that they are rethinking their entire security policy in the treatment of this type of information stored in their computers, and that it directly affects the trust of their customers. In any case, this purpose of amendment is to value for the future, but without forgetting the responsibilities that could arise from what happened.
In the company they are aware of the error and negligence that they have caused with the data of their clients – some dated back to 2005 – and for that reason they have not saved qualifications when asking for forgiveness: “We want to sincerely apologize and assure you to our clients who take it seriously, and who work diligently to learn and take steps to avoid any future recurrence.”