Pages

Thursday, 23 January 2020

Microsoft discloses security breach affecting 250 million customers

microsoft carbon

Microsoft has shared some details of a recent security breach, which involved the complete exposure of 250 million customer records.
The breach affected an internal customer support database, mostly consisting of user analytics. According to ZDNet, which spoke to Diachenko, the affected database consisted of a cluster of five Elasticsearch (search engine) servers, all of which stored the same set of records.

The database – which was entirely unsecured and accessible to anyone with a browser who knew where to look – contained 250 million records of customer service and support log conversations spanning a period of 14 years.
Although most of the data was anonymised, some personal information - specifically information saved in non-standard formats - was left exposed. This included email addresses, locations, IP addresses and details of the customer issues.
According to Microsoft, the breach occurred due to misconfigurations in the Azure security rules deployed on December 5 2019.

No comments:

Post a Comment