08:56 23rd Jan, 2020
Microsoft Discloses Security Breach in Customer Database
The company says the database storing user analytics and contained over 250 million entries was accidentally exposed last December
It is one thing for cyberhackers to make malicious attacks on networks to steal data, but it is quite another to hear that one of the top-3 tech giants of the world actually left their doors unlocked to expose more than 250 million entries on an internal customer support database – something that could have led to embarrassing outcomes.
In a blog post on their official website, Microsoft admitted the security breach between December 5 and December 31, 2019 but said the investigation ruled out any malicious intent or use of the exposed data. The company said that though there was no personally identifiable information in the database, the post was part of Microsoft’s efforts to be transparent about the incident to all customers.
The probe revealed that a change made to the database’s network security group on December 5 contained misconfigured security rules (listed out here) that enabled the exposure, which then was fixed on December 31 to prevent unauthorized access. The company clarified that the issue related to an internal database used for support case analytics and “does not represent an exposure of our commercial cloud services”.
Ann Johnson, Corporate VP of Microsoft’s Cybersecurity Solutions Group and Eric Doerr, General Manager of the Microsoft Security Response Centre claimed that misconfigurations were a common error across the industry but solutions that prevent such errors weren’t enabled for this particular database.
A report published on ZDnet.com says the database exposure was first reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery who said that it comprised a cluster of five servers which appeared to have the same data. The security expert took to his Twitter handle to share information about the breach and how he helped fix it.
On its part, Microsoft also complimented Diachenko for his efforts and said, “we also want to thank the researcher, Bob Diachenko, for working closely with us so that we were able to quickly fix this misconfiguration, investigate the situation, and begin notifying customers as appropriate.”
Looks like the company escaped a major embarrassment and needs to review its security protocols from time to time though on this occasion they may also want to thank cybercriminals who were possibly asleep at work.
- Bobble celebrates 'Namaste Trump" with new GIFs, and Stickers
- Fujifilm unveils the new X100V camera with high performance and advanced functions along with two new XC 35mm F2 and GF 45-100mm F4 lens
- boAt audio launches new range of earphones & speakers at the recently concluded Lakmé Fashion Week
- Sennheiser PXC 550-II Wireless, The Smarter Travel Companion, Launched in India
- Titan Company strengthens its technology and wearables play
- Xiaomi India launches Desh Ka Dumdaar Smartphone, Redmi 8A Dual
- HYPERX LAUNCHES FURY ULTRA RGB GAMING MOUSE PAD IN INDIA
- An initiative to create a Breathe Free space for the torch bearers of tomorrow
- Philips rapidly expands its smart audio product portfolio by launching Headphones with one touch Google Assistant and Active Noise Cancellation
- Goldmedal Electricals launches smart i-Sense Senso Switch