Skip to main content
  1. Home
  2. Computing
  3. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Microsoft reveals a security breach of an internal customer support database

Add as a preferred source on Google
 

Microsoft announced today that an internal customer support database experienced a security breach in December 2019.

Recommended Videos

The technology company’s announcement came via a blog post published on Wednesday, January 22 on the Microsoft Security Response Center blog. According to the post, the breach occurred on December 5, 2019 and involved the “misconfiguration of an internal customer support database used for Microsoft support case analytics.” Essentially, the breach occurred when a change was made to the database’s network security group. This change carried with it “misconfigured security rules” which then caused the exposure of customer data. And according to ZDNet, the servers affected by the breach “contained roughly 250 million entries, with information such as email addresses, IP addresses, and support case details.”

This misconfiguration came to Microsoft’s attention on December 31, 2019 and was fixed that day as well. Microsoft was alerted to the breach by security researcher Bob Diachenko of Security Discovery.

According to Microsoft’s blog post, the security breach only involved “an internal database used for support case analytics” and Microsoft maintains that the breach didn’t involve an exposure of its commercial cloud services. In addition, Microsoft’s investigation into the matter found that there was “no malicious use” and that, for the most part, its customers “did not have personally identifiable information exposed.” But there is a caveat. While most customers may be unaffected by the breach because of company practices requiring the redaction of personal information via automated tools, the technology company did say that some customer data may have been exposed in the breach due to the following exception:

“In some scenarios, the data may have remained unredacted if it met specific conditions. An example of this occurs if the information is in a non-standard format, such as an email address separated with spaces instead of written in a standard format (for example, ‘XYZ @contoso com’ vs ‘XYZ@contoso.com’).”

Microsoft has said that for these special cases, it has started to notify the customers whose data may have been exposed in the breach. The software and technology company also said that it is planning on implementing the following practices to help prevent such a breach in the future:

  • Auditing the established network security rules for internal resources.
  • Expanding the scope of the mechanisms that detect security rule misconfigurations.
  • Adding additional alerting to service teams when security rule misconfigurations are detected.
  • Implementing additional redaction automation.
Anita George
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
ChatGPT’s hiking advice left two hikers stranded on a mountain in Poland
The chatbot directed the pair onto a climbing route neither had the skills to finish, and it's not the first time AI has sent travelers somewhere they shouldn't have gone.
Bag, Clothing, Coat

A shortcut recommended by ChatGPT left two hikers stuck on a mountain face in Poland this month, and they needed a helicopter to get back down. It's the latest case of an AI chatbot steering travelers toward routes it has no real way to evaluate.

ChatGPT's shortcut led straight to a dead end

Read more
Firefox is doubling its update pace, and that’s good news for your security
Mozilla Firefox

Mozilla is about to speed up one of the most important parts of using Firefox: security updates. If you're used to seeing a new Firefox update land about once a month, that's about to change. Beginning in September, Mozilla plans to switch to a two-week release schedule for Firefox on desktop and Android, meaning users should start getting updates twice as often. That might sound like more frequent downloads, but it's really about closing security gaps sooner.

Why waiting a month for security fixes no longer cuts it

Read more
Anthropic confirms Claude acts differently depending on your language and which model you pick
A new study shows Claude's isn't nearly as consistent as you might assume.
Claude app on iPhone

If you've ever felt like Claude gave you a completely different vibe on one day than another, you weren't imagining it. Anthropic just published research confirming that its chatbot's personality shifts depending on which model you pick and which language you type in, and the pattern is consistent enough that it's worth knowing before you ask your next question.

The model you pick decides how Claude responds

Read more