Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams. Microsoft said it is in the process of notifying affected customers. The Comparitech security research team said that it ran across five Elasticsearch servers that had been indexed by search engine BinaryEdge, each with an identical copy of the database. The database contained a wealth of phishing- and scam-ready information in plain text, including: Customer email addresses, IP addresses and physical locations, descriptions of customer service claims and cases, case numbers, resolutions and remarks, and internal notes marked “confidential.”
Source: ThreatPost
