Microsoft revealed a security breach as an internal customer support database was vulnerable last month online.
The company explained more on the security breach in a blog post where they wrote that the database had stored anonymized user analytics and this was exposed to accident online between December 5th and the 31st.
Bob Diachenko, a security researcher at Security Discovery had first found the database and reported to Microsoft about it. The exposed and vulnerable database had soon been secured the day the issue was reported, which was on New Year’s Eve.
Diachenko said that the database had a cluster of five Elasticsearch servers which are used to simplify search operations. The five servers had accumulated the same data and had appeared as mirrors of one another.
The servers that had stored the customer support database at Microsoft accommodated about 250m entries and included information such as email addresses, IP addresses and support case details. But the records did not hold any personal user information, the blog post explained:
“As part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information. Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices. In some scenarios, the data may have remained unredacted if it met specific conditions.”
If users were to request customer support using non-standard formatted data, and the data was not found and redacted but stayed in the exposed database. Customers that have been affected have been notified by the company even though the company has “found no malicious use” of the data.
This exposure had occurred due to misconfigured Azure security rules that had deployed on December 5th which have been fixed now.