Microsoft hacked. Support database with 250 million records was leaked

The information security team at technology giant Microsoft just disclosed information related to a data breach that occurred in late 2019, during which approximately 250 million records would have been compromised.

The information presented was stored in a technical support database operated by the company. In addition, it is mentioned that the incident occurred between December 5 and 31, although the investigation is still ongoing.

Microsoft claims that the incident occurred due to an error in an Azure security configuration deployed on December 5. The flaw has already been completely corrected.

On New Year’s Eve, renowned information security specialist Bob Diachenko detected this information exposure, notifying Microsoft as soon as he found it. Hours later, Diachenko himself reported via his Twitter account that the company had already resolved the incident. Speaking for the specialized ZDNet platform, Diachenko mentioned that the database was made up of five Elasticsearch servers, which stored the same data.

On the other hand, Microsoft’s information security team published a report mentioning that no evidence of malicious use of the compromised information was detected, adding that “most of the personal data of users were erased from these databases in compliance with our internal security practices.” However, a small portion of this personal data could have been exposed.

Microsoft emphasized the fact that, although some personal data was not deleted, it is “anonymised”, as they are displayed in a different format than conventional. The tech company concluded its message by mentioning that it is in the process of directly notifying all potentially affected users. 

A Microsoft spokesperson later reported that the company will implement some measures to mitigate the risk of similar incidents occurring in the future. According to the International Institute of Cyber Security (IICS), among the measures planned by the tech giant are:

  • Updating security rules for managing internal resources
  • Expanding the scope of safety fault detection mechanisms
  • Implementing better alerts to service teams 
  • Implementation of additional writing automation