The company announced that the internal customer support database, which was storing anonymous user analytics, had been mistakenly disclosed and remained without proper protection with a password between 5 and 31 December 2019.
The company confirmed that it had begun to alert affected clients of the mentioned problem, although it did not find any evidence of harmful uses of their data.
She emphasized that since she was informed of the matter, she has taken all necessary measures to avoid the consequences of the problem, and has begun to refine the data to remove the personal information of clients as part of the standard operating procedures.
It is noteworthy that Microsoft learned of this problem from the researcher and expert in information security, Bob Dyachenko, who works in Security Discovery.
Dyachenko said that the aforementioned database for Microsoft included 5 Elasticsearch servers, used to simplify searches for users, and that these servers contained information related to users’ email addresses, IP addresses, and details of customer support status, but they did not contain personal information about Users.