Security News > 2020 > January > WindiLeaks: 250 million Microsoft customer support records dating back to 2005 exposed to open internet

WindiLeaks: 250 million Microsoft customer support records dating back to 2005 exposed to open internet
2020-01-22 14:00

Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019.

What data was published? These are logs of customer service and support interactions between 2005 and now.

A subset contained plain-text data including email addresses, IP addresses, case descriptions, emails from Microsoft support, case numbers and "Internal notes marked as confidential".

Armed with this information, there is plenty of scope for identifying the customers, learning more about their internal IT systems if they are businesses, and using the data for activities such as impersonating Microsoft support and thereby gaining access to personal computers or business networks.

Calls from fake Microsoft support staff are nothing new; they are so widespread that most of us have received a few.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/22/microsoft_support_database_leak/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399