Everyone in cyberspace, irrespective of size, is vulnerable to a hack one day. Today, the software giant Microsoft reported an internal leak that left around 250 million records from a support analytics database exposed. The leak was first identified by Bob Diachenko and reported to Microsoft, which corrected it immediately.

Discovery and Corrections

The company attributed the fault to a misconfiguration of security rules that occurred while changing the database’s network security group on December 5, 2019. It was found by security researcher Bob Diachenko and soon reported to Microsoft. He was surprised by, and appreciated, Microsoft’s immediate response in correcting it even on New Year’s Eve.

Microsoft later assured that no personal or sensitive information of any of its customers or commercial cloud services was exposed, and that it has found no malicious use of the data so far.

Automatically Redacted

The five exposed servers, each holding the same data, contained around 250 million entries with information such as email addresses, IP addresses, and support case details of customers, anonymized through redaction. As Microsoft said,

“As a part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information. Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices.”

Yet it didn’t confirm that all the records were free of personal information, since data stored in a non-standard format (due to spaces and other specifics) may have been left unredacted. Finally, it apologized for the incident and said it is notifying customers who are in the redacted database. To prevent such incidents in the future, it outlined a few measures:

  • Auditing the established network security rules for internal resources.
  • Expanding the scope of the mechanisms that detect security rule misconfigurations.
  • Adding additional alerting to service teams when security rule misconfigurations are detected.
  • Implementing additional redaction automation.
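
The redaction gap described above can be reproduced with a small script. This is an added example, not Microsoft's tooling: the patterns, the `[REDACTED_EMAIL]` marker and the support-case records are all constructed for illustration. It shows a strict email pattern missing addresses written with spaces around the `@`, and a post-redaction audit that flags the records that slipped through.

```python
import re

# Strict pattern: what a simple redactor expects (no whitespace in the address).
STRICT_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Tolerant pattern (assumption for this example): also accepts spaces or tabs
# on either side of the "@", one kind of non-standard formatting.
TOLERANT_EMAIL = re.compile(
    r"[A-Za-z0-9._%+-]+[ \t]*@[ \t]*[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)

MARKER = "[REDACTED_EMAIL]"

# Constructed sample records; none of these come from the exposed database.
SAMPLE_CASES = [
    "Case 1001: customer alice@example.com reports sign-in failure",
    "Case 1002: contact bob @ example.org about billing",
    "Case 1003: reply sent to carol@ example.net on 2019-12-05",
    "Case 1004: no contact details recorded",
]


def redact(text, pattern):
    """Replace every match of `pattern` in `text` with the redaction marker."""
    return pattern.sub(MARKER, text)


def residual_records(records, pattern):
    """Audit step: indexes of records that still contain '@' after redaction.

    A leftover '@' is a cheap signal that an address-like string survived,
    so the record should be reviewed rather than trusted as clean.
    """
    return [i for i, rec in enumerate(records) if "@" in redact(rec, pattern)]


if __name__ == "__main__":
    for name, pat in (("strict", STRICT_EMAIL), ("tolerant", TOLERANT_EMAIL)):
        missed = residual_records(SAMPLE_CASES, pat)
        print(f"{name}: records needing review -> {missed}")
        for rec in SAMPLE_CASES:
            print("   ", redact(rec, pat))
```

The audit pass is independent of the redaction pattern, so it keeps catching leftovers even when a new formatting variant defeats the tolerant pattern too.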
