Trusted

Microsoft Records Endangered: 250 Million CSS Files Were Exposed

2 mins
By
Updated by
Join our Trading Community on Telegram
Microsoft Customer Service and Support records recently got exposed on the web, putting 250 million files available to anyone with a browser for three days.
Microsoft seems to have made a major error in the closing days of 2019, as it somehow left more than 250 Customer Service and Support (CSS) records exposed to anyone on the web. The records, which contained logs of conversations between Microsoft customers and customer support, included files from the last 14 years, from 2005 to late 2019. Furthermore, all of the exposed data was available to anyone, completely unencrypted, and with no need for a password or some other method of authentication. The files were then discovered by Comparitech security researchers, led by Bob Diachenko. Diachenko and his team discovered five Elasticsearch servers in total, each with an identical set of records, which they immediately reported to Microsoft. The data was exposed for around three days in total, from December 28th, when the databases were indexed by a search engine known as BinaryEdge, over December 29th, when the files were uncovered and researchers reported the leak. Microsoft then secured the servers and the files over December 30th and 31st, but they also started an investigation to determine how this has happened, as well as a remediation process, during which they notified affected individuals. microsoft Three weeks later, on January 21st, 2020, the company published the details of the investigation. Microsoft’s General Manager, Eric Doerr,  stated that the company is thankful to Diachenko and his team, and their efforts to help contain the situation. However, it remains unknown whether the data was accessed by an unauthorized third party. For the most part, the files that were revealed contained plain text data, such as customer email, Microsoft support staff email, IP addresses, locations, internal notes, descriptions of CSS cases, and more. While personally identifiable data was mostly redacted from the database, there is still a significant danger due to exposure, as the data could still be valuable to scammers.
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Sponsored
Sponsored