250 Million Customer Records Exposed Online, Microsoft Admitted Mistake, Microsoft admitted mistake, 250 million users data was breached

Microsoft has admitted that service records of about 250 million customers were compromised due to a “misconfiguration of an internal customer support database”. These records included data on conversations between customers and Microsoft employees around the world regarding support cases. All Microsoft customer data was left open and accessible from a web browser. Anyone could access this data without a password or any authentication required. This lapse was first reported by Bob Diachenko’s Comparitech Security Research Team.

Corporate Vice President, Cybersecurity Solutions Group at Microsoft commented on this lapse Statement Microsoft has admitted the mistake and also assured that no person’s personal data has been misused. An investigation conducted by Microsoft found that a change made to the database’s network security group on December 5, 2019 mistakenly included a wrong security rule, due to which the data became publicly available. The company says that this mistake has been fixed on December 31, 2019 and the database has now been made secure.

This record included the log files of conversations from 2005 to December 2019, i.e. a period of 14 years. The company apologized to all users and has also promised to learn from this mistake and not make such a mistake in future. The company has also thanked Bob Diachenko for helping in correcting this mistake.

This is not Microsoft’s first data security lapse. Earlier in 2013, hackers broke into the company’s confidential database. This database kept a record of information tracking problems in the company’s software. After this, between January and March 2019, hackers hacked the account of a Microsoft support agent. Apart from this, the company has also previously admitted the possibility of a breach in the data of some Outlook users.