-
Team TechTree
08:56 23rd Jan, 2020
Microsoft Discloses Security Breach in Customer Database | TechTree.com
Microsoft Discloses Security Breach in Customer Database
The company says the database storing user analytics and contained over 250 million entries was accidentally exposed last December
It is one thing for cyberhackers to make malicious attacks on networks to steal data, but it is quite another to hear that one of the top-3 tech giants of the world actually left their doors unlocked to expose more than 250 million entries on an internal customer support database – something that could have led to embarrassing outcomes.
In a blog post on their official website, Microsoft admitted the security breach between December 5 and December 31, 2019 but said the investigation ruled out any malicious intent or use of the exposed data. The company said that though there was no personally identifiable information in the database, the post was part of Microsoft’s efforts to be transparent about the incident to all customers.
The probe revealed that a change made to the database’s network security group on December 5 contained misconfigured security rules (listed out here) that enabled the exposure, which then was fixed on December 31 to prevent unauthorized access. The company clarified that the issue related to an internal database used for support case analytics and “does not represent an exposure of our commercial cloud services”.
Ann Johnson, Corporate VP of Microsoft’s Cybersecurity Solutions Group and Eric Doerr, General Manager of the Microsoft Security Response Centre claimed that misconfigurations were a common error across the industry but solutions that prevent such errors weren’t enabled for this particular database.
A report published on ZDnet.com says the database exposure was first reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery who said that it comprised a cluster of five servers which appeared to have the same data. The security expert took to his Twitter handle to share information about the breach and how he helped fix it.
On its part, Microsoft also complimented Diachenko for his efforts and said, “we also want to thank the researcher, Bob Diachenko, for working closely with us so that we were able to quickly fix this misconfiguration, investigate the situation, and begin notifying customers as appropriate.”
Looks like the company escaped a major embarrassment and needs to review its security protocols from time to time though on this occasion they may also want to thank cybercriminals who were possibly asleep at work.
TAGS: Microsoft, Database, Bob Diachenko, Security, Data Security
News Corner
- DRIFE Begins Operations in Namma Bengaluru
- Sevenaire launches ‘NEPTUNE’ – 24W Portable Speaker with RGB LED Lights
- Inbase launches ‘Urban Q1 Pro’ TWS Earbuds with Smart Touch control in India
- Airtel announces Rs 6000 cashback on purchase of smartphones from leading brands
- 78% of Indians are saving to spend during the festive season and 72% will splurge on gadgets & electronics
- 5 Tips For Buying A TV This Festive Season
- Facebook launches its largest creator education program in India
- 5 educational tech toys for young and aspiring engineers
- Mid-range smartphones emerge as customer favourites this festive season, reveals Amazon survey
- COLORFUL Launches Onebot M24A1 AIO PC for Professionals
TECHTREE