A temporary error in the Microsoft Corporation database, which caused the exposure of 250 million users of its services and records of support conversation leaks, as this data was available to anyone via the Internet.
Security researcher Bob Diachenko and Comparitech discovered a rift in Microsoft’s database that exposed data on millions of users to the risk of leaks and hacks last December 29, when the number of customers whose data fell into the danger cycle reached 250 million.
Where the company closed the database and solved the problem only two days after the vulnerability was discovered, and also claimed that it did not find any evidence of misuse of that data.
The base, according to the website, included records of a conversation dating back to 2005 between Microsoft technical support representatives and customers who were not limited to a specific region but rather to separate regions of the world.
Comparitech stated that the base was not password protected and the leaked data received the email address and IP addresses as they were kept in unencrypted texts, which makes the possibility of using them in fraud and electronic phishing matters impersonating the company’s customer service employees.
While Microsoft expressed its deep regret to its customers following this gap, saying that it deals with it very seriously and takes lessons to prevent any similar work that may happen in the future, and also indicated that it sent notifications to people whose data was leaked at the base.
This is the second leak that hit the Microsoft Customer Care and Support Unit after the April 2019 incident, which the company clarified by hackers using customer service staff data to penetrate the accounts of some of its customers.