Microsoft has promised to notify anyone whose data was inadvertently exposed in this way, but didn’t say what percentage of all records were affected. So if your email address were recorded as your data would have been converted into a harmless form, whereas (an easy mistake for a support staffer to make when capturing data) would have been left alone. It did, however, give one example of data that would have been left behind: email addresses with spaces added by mistake were not recognised as personal data and therefore escaped anonymisation. Microsoft didn’t say what type of personal information was involved, or which data fields ended up un-anonymised. However, some private data that was supposed to be redacted was missed and remained visible in the exposed information. Microsoft’s official statement states that “the vast majority of records were cleared of personal information,” meaning that it used automated tools to look for and remove private data. The company informed Microsoft, and Microsoft quickly secured the data. …logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019.Īccording to Comparitech, that same data was accessible on five Elasticsearch servers. However, consumer website Comparitech, which says it discovered the unsecured data online, claims it was to the order of 250 million records containing: Microsoft didn’t give details of how big the database was. The blog article, entitled Access Misconfiguration for Customer Support Databases, admits that between 05 December 2019 and 31 December 2019, a database used for “support case analytics” was effectively visible from the cloud to the world. Microsoft has today announced a data breach that affected one of its customer databases.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |