The records contain conversations, logs and information between Microsoft support agents and customers from around the globe dating all the way back to 2005.
Comparitech said it found five Elasticsearch servers, each with a seemingly identical set of the 250 million records, on December 29, 2019 – just one day after they were indexed by search engine BinaryEdge.
Most personally identifiable information was redacted from the records although many of them contained other information such as customer e-mail addresses, IP addresses, locations, descriptions of CSS claims and cases, support agent e-mails, resolutions and remarks, case numbers and internal notes marked as “confidential.”
Fortunately, Comparitech did the responsible thing and reached out to Microsoft about the matter. Redmond’s support team got right on it and had all of the vulnerable servers secured within 24 hours.
Even with the short window, opportunity existed for nefarious activity although Comparitech said it is unsure if any other unauthorized parties accessed the databases during that time.
In its own blog post, Microsoft held itself accountable, citing a change made to the database’s network security group on December 5, 2019, as the culprit. The company said the issue was “specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services.”