As reported by Engadget on Jan. 22, 2020:

While most people were out celebrating the start of a new year, Microsoft’s security teams were working overtime to close a potentially enormous security loophole. On Thursday, the company disclosed a database error that temporarily left approximately 250 million customer service and support records accessible to anyone with a web browser.

Security researcher Bob Diachenko and Comparitech discovered the vulnerability on December 29th. Microsoft quickly fixed the issue two days later. It says the exposure was caused by a “misconfiguration” of one of its internal customer support databases. The company claims it found no evidence of “malicious use.”

The server included conversation logs dating as far back as 2005 between Microsoft support personnel and customers from across the world. According to Comparitech, the database wasn’t password-protected.

Microsoft says the “vast majority” of personal data that was exposed was redacted. However, Comparitech notes some information, such as email and IP addresses, was stored in plain text. Had someone been able to access the logs, they could have used them to more easily impersonate the company’s support staff in a phishing scheme.

“We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence,” Microsoft said. The company has started notifying people whose data was stored on the database.

 

Experience Matters

Sauder Schelkopf is a nationally recognized class action and personal injury law firm. The firm’s partners currently serve as court appointed lead counsel in courts across the country and have been selected by the National Trial Lawyers Association as some of the Top 100 Trial Lawyers in Pennsylvania since 2012. The attorneys at Sauder Schelkopf have recovered over $500 million on behalf of their clients and class members.

We Want to Hear from You

You can confidentially contact the lawyers at Sauder Schelkopf by filling out the form on this page or calling 888.711.9975