1/22/2020
02:00 PM

Configuration Error Reveals 250 Million Microsoft Support Records

Some the records, found on five identically configured servers, might have contained data in clear text.



Researchers have found five servers revealing almost 250 million Customer Service and Support (CSS) records. Each server contains what appears to be the same set of data stored, with no security or authentication. In a blog post, Microsoft acknowledged the exposure and blamed it on misconfigured security rules after changes made in early December.

A security research team at Comparitech, led by Bob Diachenk, discovered the five Elasticsearch servers in late December. According to Microsoft, the vast majority of the records had all personally identifiable information redacted through automated processes, though the company admitted that some records with unusually formatted data might have contained data in clear text.

In the blog post revealing its research, Comparitech noted that Microsoft acted quickly to secure the servers, completing the action within 24 hours of notification.

Read more here and here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The Y2K Boomerang: InfoSec Lessons Learned from a New Date-Fix Problem."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service