Skip to main content

Microsoft secures servers after 250 million customer records exposed online

Microsoft secures servers after 250 million customer records exposed online
(Image credit: Microsoft)

Tech research company Comparitech exposed a security flaw at Microsoft that left 250 million Customer Service and Support (CSS) records unprotected online. CSS records contain logs and transcripts from conversations between Microsoft customer support agents and their customers from all over the world. The data logs in question date from December 2019 all the way back to 2005, so it’s not only current Microsoft customers that could have been harmed by this security flaw.

The Comparitech research team, led by Bob Diachenko, immediately alerted Microsoft to the issue upon discovery and the tech giant swiftly moved to secure the data. “I immediately reported this to Microsoft and within 24 hours all servers were secured,” Diachenko said. “I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve.”

The data breach appeared to be serious error on Microsoft’s part, but it looks like things aren’t as bad as they could have been. Most personally identifying data - things like email aliases, contract numbers, and payment information - were redacted from the reports. Many of the reports did contain other sensitive information though, including customers’ email addresses, IP addresses, locations, case numbers, and details of their support conversations.

Lenovo 730 yoga

(Image credit: Future)

While we know what data was vulnerable, we don’t know how long this information was exposed for, nor do we know if anyone actually found it before Comparitech alerted Microsoft. The exposed data could be extremely useful to scammers, particularly tech support scammers who pose as tech support agents to gain customers’ secure passwords and account information. 

If you receive unsolicited communications from someone claiming to be working for Microsoft or any other company, be sure to verify their email address and never give them your passwords or bank account details. If you’re looking to protect yourself further online, consider looking at our best VPN services and best antivirus guides to secure your online activities. 

And if you don’t know what a VPN is, we’ve got a hand guide for that explains what is a VPN, and why do you need one?