More Than 250 Million Users Exposed To Data Breach On Microsoft Servers


Adding to the increasing security lapses and data exposes, Microsoft reveals that it had left some of the customer records unprotected. Microsoft published in a blog post that it had left hundreds of thousands of customer service and support requests exposed on servers without any password protection. The data was left exposed from December 5 to December 31, 2019.

More Than 250 Million Users Exposed To Data Breach On Microsoft Server

Microsoft Data Expose

The exposed data was first discovered by Bob Diachenko of Security Discovery. Diachenko noted that the Windows originator had left more than 250 million users' data and analytics exposed. Microsoft had stored them on five Elastisearch servers that apparently mirrored each other.

The Microsoft blog post noted that the "data stored in the support case analytics database is redacted using automated tools to remove personal information". The company also confirmed that the 250 million entries have been properly redacted.

However, Microsoft also noted that in some cases, the data was originally filled in a format that was unrecognized by the system. In such cases, the email addresses may not have been redacted, the tech giant said. For instance, Microsoft might have used the email address as "XYZ @contoso com" instead of the usual "".

What About Data Hack?

Comparitech, a security firm noted that customer support records gathered over 14 years were left exposed. The data includes email addresses, IP addresses, location of customers, and also the communication between a customer and the Microsoft representative. "We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database," Microsoft said in the blog post.

While the communication records might sound uninteresting, hackers could use it to gather information and even steal data, money from unwary victims. However, Microsoft noted that there's no evidence that malicious parties accessed the exposed customer records. Microsoft, like other companies, has faced a breach before. One of the previous incidents involved a bug-tracking system and another involved exposed addresses on


On being noted about the security threat, Microsoft has issued a fix, despite being New Year's Eve, Diachenko added. The company is reportedly working on several measures to boost security, including "auditing established network security rules for internal resources".

Most Read Articles
Best Mobiles in India

Read More About: news microsoft data

Best Phones

Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X