Blog

Data Breach Hits Microsoft Customer Service Database

Jan 31, 2020 | Blog

Over the last twelve months, we’ve heard reports from companies of all shapes and sizes that have suffered from data breaches.

Many of them were caused by an act of carelessness on the part of an employee that accidentally left an important database exposed to the world. It raises eyebrows though, to hear that Microsoft was the target of such an action.

Surprising or not, Microsoft recently disclosed that a total of five servers storing a variety of customer support analytics were accidentally exposed online in December 2019.

Credit goes to Bob Diachenko, a researcher with Security Discovery. He found the leaky database, which consisted of a cluster of five ElasticSearch servers. According to Diachenko, all five servers stored the same data, appearing to be mirrors of each other.

The servers contained nearly 250 million entries that included IP addresses, email addresses and support case details. Upon learning of the incident, Microsoft responded quickly. They secured the servers in question and made an announcement, which also reassured users that “as part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information.”

After conducting an in-depth investigation, the company concluded that the data had not been copied or maliciously used by third parties. The leak was caused by a misconfiguration of the Azure security rules it deployed on December 5th, 2019.

The company made the following changes and now:

  • Audits the established network security rules for internal resources
  • Has expanded the scope of the mechanisms that detect security rule misconfigurations
  • Has added additional alerting to service teams when security rule misconfigurations are detected
  • Has begun implementing additional redaction automation

No company is immune, not even Microsoft. Kudos to the company for their rapid response and deft handling of the issue. That’s how it’s done.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech