A total of 250 million Microsoft customer records have been exposed without a single password protect in a span of 14 years! According to Comparitech, there are extreme security loopholes that leave 250 Million Microsoft users vulnerable to anyone with a browser without any authentication requirements to access. From the period of 2005 to December of 2019, 250 Million records have been left out in the open for other people to take advantage of the data within. This was all discovered on December 28, 2019.
Negative press on Microsoft
Microsoft has not been unfamiliar to negative press from the Internet Explorer having zero-day vulnerability which Microsoft has not even updated despite the sensitivity of the matter. Online vulnerability is a very big issue nowadays as most transactions have been conducted through the internet which is why internet security has become a topic of utmost importance.
The United States' Government's warning
Windows 10 update now alert has been a very sensitive topic when it comes to internet security because of the many flaws of this update which hackers might find easy to bypass and is subject to crypto vulnerability. The NSA or National Security Agency is taking this matter very seriously.
What was the source of these records?
Comparitech conducted an investigation where their research team was able to uncover no less than five different servers containing the same set of 250 million records including customer service and support logs as well as detailed conversations between the Microsoft support agents and their customers from around the world. The data appeared redacted although researchers said that it included IP addresses, geographical locations, and even detailed descriptions of claims and cases.
Although this may seem unimportant in the bigger scale of things, these little bits of data can be valuable to fraudsters and scammers who might use this data for all the wrong reasons.
How the data was discovered
Threat intelligence search engine called BinaryEdge was able to discover the data and according to Bob Diachenko who was the head of the Comparitech research team which fronted the investigation, they had to notify Microsoft immediately. The serious leak was then neutralized in about 24 hours but the fact that it was leaked in the first place was still very alarming to all users.
Microsoft's comments on the data breach
The general manager of Microsoft's Security Response Center gave a statement saying "We're thankful to Bob Diachenko for working closely with us so that we were able to quickly fix this misconfiguration, analyze data, and notify customers as appropriate."
If it was not for Bob Diachenko, Microsoft might not have been aware of this serious security breach and users would have continued to be left without security from their data being used wrongfully.
Microsoft's response was quick and even though there was a leakage, they were able to put a better security to counter future leakages.