Microsoft has accidentally exposed 250 million customer service and support records online, according to a new report today. The leaked data includes conversations between Microsoft technical support staff and customers recorded between 2005 and December 2019. Microsoft has now stepped up its protection of the information after receiving information about the breach. However, the data that has been disclosed does not contain personally identifiable information.
The leaked data contains customer e-mail locations, IP addresses, locations, CSS statements and case descriptions, case numbers, solutions, notes, and more. It is important to note that no authentication is required and that anyone can access the data. The data breach was first discovered on December 29th, and Microsoft took action on December 30th. Microsoft resolved this issue within 24 hours.
If the exposed data has been misused, it is likely that the customer’s email address will be used to support the fraud. Microsoft confirmed the data breach and revealed that the problem was caused by an misconfiguration of the Microsoft Internal Case Study database.
Microsoft is taking steps to prevent this problem from happening again in the future. These include reviewing internal resource security rules and extending the scope of detecting errors in the configuration of security rules. Alert the service team, etc. when a security rule configuration error is detected.