HomeWinBuzzer NewsMicrosoft Database Security Leak Confirmed by Redmond

Microsoft Database Security Leak Confirmed by Redmond

Microsoft says a database was leaked online, including information from 250 million entries. The company has since issued a fix.

-

Microsoft has disclosed details of a security breach within an internal customer support database. In a blog post today, the company pointed to the breach that happened during December 2019. The database was used to store anonymized user analytics.

In the post, the company explains the information stored on the database was exposed online from December 5 to December 31.

Microsoft did not uncover the problem. Instead, Bob Diachenko, a security researcher for Security Discovery found the problem and reported it to Microsoft. Redmond confirmed the leak but said there was no malicious activity:

“Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and holding ourselves accountable.”

Details

Microsoft’s database had around 250 million entries. Information held on the repository included IP addresses and email addresses. The company confirmed that none of the entries included personal user information.

“As part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information,” Microsoft said.

The leak was caused by a misconfigured Azure security rule that was rolled out on December 5. The company says a fix has been issues and the following changes made:

  • Auditing the established network security rules for internal resources.
  • Expanding the scope of the mechanisms that detect security rule misconfigurations.
  • Adding additional alerting to service teams when security rule misconfigurations are detected.

Implementing additional redaction automation.

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Mastodon