Not logged in » Login

Recent Discussion:

mario.lansys | 15.12.2021, 16:38
Great, Thanks.
Nuno.Costa | 15.12.2021, 16:26
Hi Mario.Yes, the disks and shelves are compatible between the DX200S3 and the DX200S4.Regards.
mario.lansys | 14.12.2021, 17:41
Hi Community,Can I use SSD disks from a DX200 S4 on a DX200 S3?Thanks.
Jan 23 2020

Misconfiguration of internal database makes Microsoft expose 250M customer service records


Microsoft exposed approximately 250 million customer service records due to a “misconfiguration of an internal customer support database” used for tracking support cases, which happened as a result of a change made on December 5.

The issue was first discovered by a team of security researchers led by Bob Diachenko, and the exposed database contained 250 million records from customer service and support logs. Tech review company Comparitech’s security research team uncovered several “Elasticsearch servers,” which included 14 years’ worth of logs of conversations between Microsoft support representatives and customers from all over the world.

 “Misconfigurations are unfortunately a common error across the industry,” Microsoft wrote. “We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database.” The entire Microsoft’s internal communication can be found here.

The data contained in the records referred to conversations between customers and Microsoft's support teams, and most of the data in the logs was redacted as part of Microsoft's standard procedures. However, some data may have been left in plain text, including information such as e-mail addresses for customers and support agents, IP addresses, locations, case numbers, and confidential internal notes. As noted by the research team that discovered the issue, this information can be used by ill-intentioned actors to impersonate Microsoft support agents to scam customers. However, Microsoft notes that it didn't find any evidence of malicious use of the data.

"We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence," Microsoft said. The company has started notifying people whose data was stored on the database.

Microsoft also says it's committed to preventing this sort of situation from happening again, so it's taking a number of steps. These include auditing the network security rules currently in place, adding additional alerts for when misconfigurations are detected, and implementing more automated redaction. The company is also notifying any customers affected by this incident.

After revealing that hackers accessed some accounts for months back in April 2019, this is its second major data security incident tied to Microsoft customer support system in a single year. 

Nuno Costa


About the Author:

Nuno Costa

Senior Channel Business Development Associate


Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now