Total Tests:

Microsoft database misconfiguration exposes 250M customer support records

By Bradley Barth for SC Media
Thursday, January 23, 2020

In its own blog post, the MSRC team said that the automated tools may have failed to redact certain data if it was originally entered in a non-standard format, for instance if an email address contained a space between the username component and the “@” symbol and domain name.

Ekaterina Khrustaleva, COO of web security company ImmuniWeb, said that the relative lack of PII in the dump is “irrelevant here, given that technical support logs frequently expose VIP clients, their internal systems and network configurations, and even passwords. The data is a gold mine for patient criminals aiming to breach large organizations and governments.”

It is not known if any unauthorized parties, including malicious actors accessed any of the leaked data in this particular case. Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential