Microsoft exposes a security breach of the customer support database


The American company “Microsoft” America revealed a security breach occurred during the last month in December 2019, and the operating systems industry company said: “The internal customer support database that was storing anonymous user analyzes had been detected by mistake and remained without appropriate protection Between December 5 and December 31. “

Faced with what the technical website “ZDNet” mentioned, the database was discovered and sent to Microsoft by Bob Diachenko, a security researcher at Security Discovery, According to him, “The Open Customer Support Database consists of a set of five Elasticsearch servers, a technology used to simplify searches.”

And all five servers store the same data, and it appears to reflect each other. Dyachenko added: “Microsoft secured the exposed database on the same day that the OS maker reported this problem, despite it being New Year’s Eve.”

The servers contain about 250 million entries, with information such as email addresses, IP addresses and support status details, and the US company said: “Most of the records do not contain any personal information for the user.”

The technology giant added: “As part of Microsoft’s standard operating procedures, data stored in the support case analytics database is being revised using automated tools to remove personal information.”

The company said it had begun alerting affected clients, although it said it had found no harmful use of the data, and blamed the incorrectly posted Azure security rules on December 5, which were now fixed.

Microsoft said: “It is now reviewing established network security rules for internal resources, expanding the scope of mechanisms that detect security base configuration errors, and adding an additional alert to service teams when security base configuration errors are detected, and implementing additional retouching automation.”

This article, “Microsoft reveals a security breach of the customer support database”, is excerpted from the website (Echo of the country), and does not reflect the site policy or point of view in any way, but rather the responsibility for the news or its authenticity lies with the original source of the news, which is the echo of the country.


Please enter your comment!
Please enter your name here