Configuration Error Reveals 250 Million Microsoft Support Records

Some the records, found on five identically configured servers, might have contained data in clear text.

Researchers have found five servers revealing almost 250 million Customer Service and Support (CSS) records. Each server contains what appears to be the same set of data stored, with no security or authentication. In a blog post, Microsoft acknowledged the exposure and blamed it on misconfigured security rules after changes made in early December.
A security research team at Comparitech, led by Bob Diachenk, discovered the five Elasticsearch servers in late December. According to Microsoft, the vast majority of the records had all personally identifiable information redacted through automated processes, though the company admitted that some records with unusually formatted data might have contained data in clear text.
In the blog post revealing its research, Comparitech noted that Microsoft acted quickly to secure the servers, completing the action within 24 hours of notification.
Read more
here
and
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
The Y2K Boomerang: InfoSec Lessons Learned from a New Date-Fix Problem
.

Last News
▸ Obama supports NSA Prism program, Google denies access point ◂ Discovered: 26/12/2024 Category: security	▸ Glasgow Council fined for weak security. ◂ Discovered: 26/12/2024 Category: security	▸ NSA PRISM causes controversy, yet seems lawful. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Configuration Error Reveals 250 Million Microsoft Support Records