a huge customer support database online

At the end of the year, researchers from the Comparitech team discovered a huge online database belonging to customer care of Microsoft, containing information regarding requests sent to support for the most varied reasons: configuration problems of the operating system, doubts about the functioning of hardware products, activation of licenses and so on.

Leak Microsoft: online customer support database

The leak was identified through the BinaryEdge search engine. Five copies of the archives found, all identical, hosted by as many ElastiSearch servers, accessible through a simple browser and not protected by any form of encryption or password. Inside well 250 million records compiled in a very long period of time, from 2005 to the end of 2019, all related to requests for support from all over the world.

These i data included: customer email, IP address, location, email of the operator in charge of managing the ticket, request number, description of the intervention, progress and any other details. There are also internal notes labeled as "confidential".

READ  Alexa, here's how to make her change the speed of the answers

The discovery of the database can be traced back to December 28th. Comparitech immediately notified Microsoft and the archives have been deleted between 30 and 31 December. The news then emerged only today after the Redmond group spoke about it on the pages of their official blog.

However, it cannot be excluded that further copies of the database are still circulating on peer-to-peer circuits or in the maze of the Dark Web. As always in these cases there is no shortage of potential risks for interested users: based on the information leaked, an attacker could get in touch with one of the customers who have asked for assistance in recent years, for example by sending an email with the aim of carrying out a scam or obtaining the credentials of access to personal accounts. The attempt could be credible and thus deceive the victim by leveraging the details of a request actually made in the past.

READ  Facebook's new policy to stem the deepfake phenomenon

Facebook Comments

Michael

My name is Michael, Iā€™m professional software developer and blogger, made this website to share my knowledge about everything what you see here šŸ™‚ haha hope you will like that, and do not forget to follow me on my twitter.

You may also like...