Posted on January 23, 2020 at 5:48 PM
This year, Microsoft has already exposed 250 million customer service and support records on the internet. The documents contain records of conversations between customers of Microsoft and the company’s customer service representatives.
The records span 14 years of discussions and interactions between Microsoft's representatives and its customers all over the world. The data was accessible to anyone with an internet connection, with no authentication or password required.
Bob Diachenko led the Comparitech research team that discovered five Elasticsearch servers, each containing the same set of 250 million records of conversations that took place between 2005 and 2019. When the research team disclosed the exposure to Microsoft, the company acted quickly to mitigate any impending loss and secure the data.
The research team spent roughly two days carrying out the research and bringing the exposed data to light. The BinaryEdge search engine indexed the data on Dec 28, 2019. The next day, Diachenko uncovered the database and informed Microsoft of his findings. On the 30th of December, Microsoft secured the data and servers to prevent any further exposure. Microsoft and Diachenko continued with their investigation to remedy the situation.
On January 21 this year, Microsoft revealed additional details it found during the investigation regarding the database.
Diachenko said that he reported the exposure as soon as the research team discovered it, and that Microsoft took swift action to remedy the situation within the same day.
He further stated that he was impressed with Microsoft's swift response, adding that the quick turnaround time helped to mitigate any infringement on the database or customer files. However, he pointed out that he is uncertain whether any other party was able to access the database while it was exposed.
Diachenko revealed that most of the personally identifiable information had been redacted, including payment information, contact numbers, and email addresses. However, many of the records contain plain data in the form of remarks, resolutions, case numbers, Microsoft support agent emails, descriptions of claims by CCs, locations, as well as IP addresses.
Although most of the identifiable information was removed from the records, the exposure could still be severe. He also pointed out that tech support scammers can find the exposed data valuable to their cause.
Tech support scammers work by falsely representing the company and contacting customers, claiming to be the firm's main tech support. They can extort additional information from these customers, since the customers may believe they are dealing with the company's genuine tech support team.
This type of scam is very common, even when the scammers do not have enough information about targeted customers. Most times, they impersonate the Microsoft support team and extort more information they can use to gain something tangible from the customers.
With detailed logs and case information at their disposal, the scammers would think they can succeed in scamming their victims.
The scammers have several ways of exploiting their advantage. They could pretend to be the real Microsoft support team and refer customers to a real number for further contact. Afterward, the scammers can hijack user devices or look for sensitive information about the customers.
Windows users and other Microsoft customers should be wary of such scams through emails and phone calls. Microsoft has advised users to be very careful about how they release their information, even if the person contacting them has genuine email addresses or phone numbers.
The company reiterated that it is against company policy to proactively ask customers for certain details about their accounts. Any such request is probably not coming from Microsoft.
Other data security situations in the past
This recent security incident is not the first time the company has raised security concerns. In 2013, hackers tracked bugs in Microsoft servers after breaking into its database. From January to March 2019, a Microsoft support account was compromised by hackers.
Microsoft revealed that the hackers could have taken control of some of Outlook’s user accounts.