WindiLeaks: 250 million Microsoft customer support records dating back to 2005 exposed to open internet

2020-01-22 14:00

Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019.

What data was published? These are logs of customer service and support interactions between 2005 and now.

A subset contained plain-text data including email addresses, IP addresses, case descriptions, emails from Microsoft support, case numbers and "Internal notes marked as confidential".

Armed with this information, there is plenty of scope for identifying the customers, learning more about their internal IT systems if they are businesses, and using the data for activities such as impersonating Microsoft support and thereby gaining access to personal computers or business networks.

Calls from fake Microsoft support staff are nothing new; they are so widespread that most of us have received a few.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/22/microsoft_support_database_leak/

#microsoft #internet

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		725	810	4726	4731	3648	13915