Microsoft company reported about a data leak that occurred in December last year. The internal database of the customer support service, in which the analytical information was stored, accidentally turned out to be open to all comers, and remained available from December 5 to December 31, 2019.
The leak was discovered by Security Discovery specialist Bob Dyachenko. The problematic customer support database was a cluster of five Elasticsearch servers. All five servers stored the same data and looked like mirrors of each other. Although Dyachenko discovered the leak on December 31 and informed Microsoft about the problem just before the New Year, the company's specialists responded promptly and secured the open database on the same day.
Kudos to MS Security Response team – I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve. https://t.co/PPLRx9X0h4
– Bob Diachenko (@MayhemDayOne) January 22, 2020
The above servers contained about 250 million records with various information, including email addresses, IP addresses, as well as logs of conversations between Microsoft support staff and customers from around the world and information about the support services provided. The database covered the period from 2005 to 2019.
At the same time, Microsoft claims that most of the records did not contain any personal information about users, since the information in the analytical database is “edited using automatic tools to delete personal information”. Only in cases when users contacted the support team using non-standard formatted data (for example, “first name last name @ email domain com” instead of “first name last firstname.lastname@example.org”), this information was not detected by automatic tools, was not edited and settled in the database data. Such clients have already begun to be notified of the incident.
The reason for this data leak at Microsoft was called an accident and incorrectly configured Azure security rules, which were applied on December 5 and now, of course, have already been fixed.