Microsoft data breach: Millions of customer data were open on the Internet
Anyone who has contacted Microsoft support in the past few years should beware of fraudsters. Because millions of customer data were freely available online for a short time.
Around 250 million records of Microsoft customer service, including chat histories, were open on the Internet and were thus theoretically available to all users. The security company Comparitech reports in one Blog Post,
The reason for the data breach were five insecurely configured servers, Comparitech writes. The data set includes entries from 2005 to 2019. The data was available for two days at the end of 2019 before Comparitech informed Microsoft about the error. The Windows company is said to have taken care of the data leak within 24 hours.
Which data were affected?
According to Comparitech, the data contained sensitive information such as customer email addresses, locations, IP addresses, information on support cases and internal notes that were marked as “confidential”.
What does this mean for users?
It is not yet known whether the data was accessed by third parties. For example, criminals can use this data to send deceptively real phishing emails to Microsoft customers on behalf of the company.
Phone fraud is also common with Microsoft. Unknowns report here and pretend to be Microsoft employees. The goal is often to persuade the victim to install remote maintenance software on their computer. In this way, criminals can take control of their victims’ computers and access sensitive data.
In both cases, users should either delete the emails or hang up immediately. Because Microsoft does not report itself in support cases, but usually only contacts customers on request.
(Avr / t-online.de)