The company Comparitech working in the field of information security, announced that at the end of last year, the researchers were able to detect free 250 million records associated with customers of Microsoft support. Identical database housed on five unsecured servers Elasticsearch.
The report said that DB was the record for a 14-year period from 2005 to 2019. The record contained the talks of the support staff of Microsoft Corporation with clients from different countries of the world. It is noted that all data were kept secure and access to them could be accessed by any user of the Internet, using your web browser.
The databases were in the public domain about two days, after which they came in sight of the researchers who immediately notified about the incident, Microsoft. Search engine BinaryEdge indexed database 28 December, and the next day they were discovered by cybersecurity expert Bob Dyachenko (Bob Diachenko). On receiving the notification, Microsoft has closed the access to the data on December 30-31, and then started the investigation of the incident, after which it was announced publicly.
“I immediately reported his discovery to Microsoft, and within 24 hours access to the servers was blocked. I am glad that the Microsoft team has found a quick solution to this problem, despite the fact that the incident occurred on the eve of the New year, “said Bob Dyachenko.
A large part of customers ‘ personal data has been removed from the records, caught in open access. However, published data suggests that in the database contained email addresses, IP addresses of clients entering support messages etc.