Microsoft has disclosed details of a security breach involving an internal customer support database. In a blog post today, the company described the breach, which happened during December 2019. The database was used to store anonymized user analytics.
In the post, the company explains the information stored on the database was exposed online from December 5 to December 31.
Microsoft did not uncover the problem. Instead, Bob Diachenko, a security researcher for Security Discovery, found the problem and reported it to Microsoft. Redmond confirmed the leak but said there was no malicious activity:
“Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and holding ourselves accountable.”
Kudos to MS Security Response team – I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve. https://t.co/PPLRx9X0h4
— Bob Diachenko (@MayhemDayOne) January 22, 2020
Details
Microsoft’s database had around 250 million entries. Information held on the repository included IP addresses and email addresses. The company confirmed that none of the entries included personal user information.
“As part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information,” Microsoft said.
The leak was caused by a misconfigured Azure security rule that was rolled out on December 5. The company says a fix has been issued and the following changes are being made:
- Auditing the established network security rules for internal resources.
- Expanding the scope of the mechanisms that detect security rule misconfigurations.
- Adding additional alerting to service teams when security rule misconfigurations are detected.
- Implementing additional redaction automation.