At the end of the year, researchers from the Comparitech team discovered a huge online database belonging to Microsoft's customer care, containing information about requests sent to support for a wide variety of reasons: operating system configuration problems, questions about how hardware products work, license activation and so on.
Microsoft leak: customer support database online
The leak was identified through the BinaryEdge search engine. Five copies of the archive were found, all identical, hosted on as many Elasticsearch servers, accessible through a simple browser and not protected by any form of encryption or password. Inside were as many as 250 million records compiled over a very long period of time, from 2005 to the end of 2019, all related to support requests from all over the world.
The data included: customer email, IP address, location, email of the operator in charge of managing the ticket, request number, description of the intervention, progress and any other details. There were also internal notes labeled as "confidential".
The discovery of the database dates back to December 28th. Comparitech immediately notified Microsoft, and the archives were deleted between 30 and 31 December. The news emerged only today, after the Redmond group spoke about it on its official blog.
However, it cannot be ruled out that further copies of the database are still circulating on peer-to-peer networks or in the maze of the Dark Web. As always in these cases, there is no shortage of potential risks for affected users: based on the leaked information, an attacker could get in touch with one of the customers who have asked for assistance in recent years, for example by sending an email with the aim of carrying out a scam or obtaining the access credentials for personal accounts. The attempt could be credible, and thus deceive the victim, by leveraging the details of a request actually made in the past.