08:56 23rd Jan, 2020
Microsoft Discloses Security Breach in Customer Database
The company says the database, which stored user analytics and contained over 250 million entries, was accidentally exposed last December
It is one thing for hackers to mount malicious attacks on networks to steal data, but quite another to hear that one of the world's top three tech giants left its doors unlocked, exposing more than 250 million entries in an internal customer support database, something that could have led to embarrassing outcomes.
In a blog post on its official website, Microsoft admitted that the security breach occurred between December 5 and December 31, 2019, but said the investigation ruled out any malicious intent or use of the exposed data. The company said that though there was no personally identifiable information in the database, the post was part of Microsoft’s efforts to be transparent about the incident with all customers.
The probe revealed that a change made to the database’s network security group on December 5 contained misconfigured security rules that enabled the exposure, which was then fixed on December 31 to prevent unauthorized access. The company clarified that the issue related to an internal database used for support case analytics and “does not represent an exposure of our commercial cloud services”.
Ann Johnson, Corporate VP of Microsoft’s Cybersecurity Solutions Group, and Eric Doerr, General Manager of the Microsoft Security Response Center, claimed that misconfigurations were a common error across the industry but that solutions that prevent such errors weren’t enabled for this particular database.
A report published on ZDNet.com says the database exposure was first reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery, who said that it comprised a cluster of five servers which appeared to hold the same data. The security expert took to Twitter to share information about the breach and how he helped fix it.
For its part, Microsoft also complimented Diachenko for his efforts and said, “we also want to thank the researcher, Bob Diachenko, for working closely with us so that we were able to quickly fix this misconfiguration, investigate the situation, and begin notifying customers as appropriate.”
It looks like the company escaped a major embarrassment and needs to review its security protocols from time to time, though on this occasion it may also want to thank cybercriminals who were possibly asleep at work.