Microsoft disclosed a security breach today that took place last month in December 2019. In a blog post today, Microsoft announced an investigation of a misconfiguration of security rules on an internal customer support database that was storing user analytics data. In the time period of December 5 – December 31, 2019, anonymized data was accidentally exposed online without proper protections.

The leaked customer support database consisted of a cluster of five Elasticsearch servers, a technology used to simplify search operations, stored as mirrored data

The servers contained roughly 250 million entries, with information such as
  • email addresses
  • IP addresses
  • and support case details

 Microsoft stated that most of the records didn’t contain any personal user information.

Microsoft has begun notifying customers whose data was impacted, asserting that OS maker “found no malicious use” of the data.

Microsoft pointed out that the accidental server exposure is due to misconfigured Azure security rules that were deployed on December 5, 2019.

 

As of December 31, 2019 Microsoft has the previously exposed database secured. Microsoft states that it is now:

  • Auditing the established network security rules for internal resources.
  • Expanding the scope of the mechanisms that detect security rule misconfigurations.
  • Adding additional alerting to service teams when security rule misconfigurations are detected.
  • Implementing additional redaction automation.

“We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence. ” ~ Microsoft

How is your state of IT?

Call Us: (201) 493-1414

Related Articles

Benefits of letting your employees work from home
Increase in Business Productivity Phishing Scams
The cost of downtime for small business
Ensure Employee Well-Being for Business Continuity
Best Practices for Financial Services IT
Financial Companies Have a False Sense of Security
How COVID-19 pandemic will affect remote workforce after it passes
Benefits and facilitation of a productive remote workforce
Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards
Scroll to Top