Company revealed Microsoft About a security breach in the month of December 2019, the OSR security response center said Post: The internal customer support database that was storing anonymous user analytics was accidentally detected and remained without proper password protection between December 5 and December 31.
The database was discovered and sent to Microsoft by Bob Dyachenko Bob DiachenkoSecurity Discovery security researcher, according to what the security researcher said, the exposed customer support database consisted of a set of five Elasticsearch servers, a technology used to simplify searches.
All five servers store the same data, appear to reflect each other, and extend to 14 years of customer support records. Bob Dyachenko added, “Microsoft secured the exposed database on the same day that the OS maker reported this problem, despite being a header night. the year”.
The servers contain about 250 million entries, with information such as email addresses, IP addresses and support case details, and the software giant said: Most of the records do not contain any personal information for the user.
The company added, “The data stored in the support case analysis database is being revised using automated tools to remove personal information as part of Microsoft’s standard operating procedures.”
The company said it had begun alerting affected clients, although it said it had found no harmful use of the data, and blamed the incorrectly configured Azure Security rules on December 5, which were now fixed.
Microsoft said it is now reviewing established network security rules for internal resources and expanding the scope of mechanisms that detect security base configuration errors and adding additional alert to service teams when it detects security rule configuration errors and implements the additional revision automation.
Kudos to MS Security Response team – I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve. https://t.co/PPLRx9X0h4
– Bob Diachenko (@MayhemDayOne) January 22, 2020