Cyber security news for all


    Microsoft Released Call Center Data From Nearly 250 Million Customers

    The tech site Betanews reports that data from 250 million support processes with Microsoft customers have been accessible on the internet for years without protection from the Microsoft Customer Service. The data was on five servers that the security research team from Comparitech discovered.

    Microsoft Files Had Been Edited Or Removed

    The conversations between Microsoft support staff and their customers were stored on the servers. The records range from 2005 to December 2019. Access to the files was not password-protected and the data was also not encrypted. Anyone who discovered the files on the servers could read them in the browser. Most of the personal information about Microsoft customers in the Microsoft files had been edited or removed. Nevertheless, there was still a lot of sensitive data in plain text in the files found: customer email addresses, IP addresses, case descriptions, Microsoft support emails and internal notes.

    Microsoft Data

    Comparitech reportedly discovered the data on December 2019 and immediately informed Microsoft. Until December 31 Microsoft secured the files from unauthorized access and began investigating the incident. Microsoft announced information about the incident. According to Microsoft, an incorrect configuration was the reason for the disclosure of the Microsoft support files. The problem: Cyber ​​gangsters could have captured the Microsoft data and used it for phishing attacks.

    According to Microsoft, an internal customer support database was configured incorrectly. Microsoft used this database for the analysis of support processes. Microsoft does not want to have found any evidence in the investigation of the case that hackers have already exploited this data. Microsoft emphasizes that the data stored in this database is automatically removed in relation to the users. In individual cases however, this can be avoided. In such cases, Microsoft will inform the affected users.

    Recent Articles

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Judge issues injunction against WeChat

    The US government wanted to take action against the app WeChat. A judge stood sideways. The app should disappear from the platforms in the...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox