A very large security breach involving Microsoft’s customer support database resulted from incorrect security settings in Azure.
Microsoft recently revealed that there was a security breach incident in an internal customer database that was exposed online last month. According to the US company, the database stored anonymous user statistics, which were randomly displayed online between December 5 and December 31.
The data was first discovered by security researcher Bob Diachenko of Security Discovery, who reported it to Microsoft. Although the report was made on New Year’s Eve, Microsoft immediately resolved the security issue. According to Diachenko, the database contained data from 5 different servers, but storing the same files. Data where it was used to simplify search functions.
The servers had nearly 250 million listings stored, including information such as e-mails, IP addresses and customer support data. However, the listings did not contain any personal user information, according to Microsoft. Of course, it has already begun to alert customers whose data was exposed, although it has not yet found malicious use of this data.
Microsoft said the database was exposed by incorrect security settings in Azure, with the update last updated on December 5.