If Microsoft didn’t have enough on its plate with malware and the overall mess that came out of Windows 10, then it probably does now. A new report indicates that 250 million of its customers’ records have been exposed online. Why? Because Microsoft left the gateway to those records password-unprotected.
Those quarter-million records span nearly 14 years and contain logs of conversations that Microsoft tech support agents had with consumers, according to Comparitech, a pro-consumer website focused on researching and comparing tech services. Comparitech says it “stumbled” upon the databases and that they could have been accessed by anyone with a web browser.
“The nature of the data appears to be that much of the personally identifiable information was redacted,” commented Paul Bischoff, a tech writer, privacy advocate, and VPN expert at Comparitech.
“However, the researchers say that many contained plain text data including customer email addresses, IP addresses, geographical locations, descriptions of the customer service and support claims and cases, Microsoft support agent emails, case numbers and resolutions, and internal notes that had been marked as confidential.”
Microsoft quickly responds
To the untrained eye, this may seem like another ordinary oops from Microsoft, “but when you consider that Microsoft support scams are pretty rampant, it doesn't take a genius to work out how valuable such information would be to the fraudsters carrying out such attacks,” Bischoff said.
Comparitech says it contacted Microsoft when it happened upon the issue. Within 24 hours, the company fixed the situation and analyzed the data to make sure all was ok. It also said it contacted any consumer whose data may have been purloined.
“We’re thankful to (Comparitech) for working closely with us so that we were able to quickly fix this misconfiguration, analyze data, and notify customers as appropriate,” Eric Doerr, General Manager at Microsoft, told ConsumerAffairs.
Microsoft couched the incident as one of those “misconfigurations [that] are unfortunately a common error across the industry.” While that may be true, the company is reminding its customers that they should periodically review their computer settings to make sure they’re putting all available protections to good use.
To its credit, the company has been very proactive in that regard. The latest protection comes with the latest version of Microsoft Edge and Bing which, supposedly, gives users more control over their personal data and more transparency into what information is being collected by websites or advertisers.