Microsoft was able to catch up in time for a data leak
Earlier this week, the U.S. firm suffered a leak that exposed more than 250 million user-owned files.
Although the content of this information was sensitive, the data leak lasted only a few moments. Preliminary information indicated that the disclosure was caused by an error by redmond's firm's customer service department. This is particularly the point of comparing IT protection and privacy solutions, Comparitech.
This article will also interest you: The Microsoft security flaw that caused the NSA to react
The information that was disclosed was made up of a set of metadata about the exchanges between Users of Microsoft's services and the firm's agents. This can be 14 years from 2005 to 2019. In addition, Comparitech has conducted a census of the information that has been disclosed, including "customer email addresses; IP addresses Descriptions of claims and cases handled by customer service and support Emails from Microsoft agents Case numbers, resolutions and remarks internal notes marked as "confidential."
Based on a timeline that was established regarding the data leak, the information contained in the 250 million files had been since December 28, 2019 on the search engine BinaryEdge. The problem was resolved by Microsoft between the night of December 30 and 31, just two days after the data leak, which was discovered by Comparitech just the day before, that is, December 29. The general public did not become aware of this case until January 21, three weeks after everything happened.
So the main question so far is: what really happened?
On the Redmond firm's side, leaked data has not been leaked long enough for it to be misused. And the fact that the resolution of this disclosure was quick to believe that it may be reaped for criminal purposes. Regarding the real cause of this leak, Microsoft explains that this is due to a bad configuration, configuration that would have been incorrect in terms of security rules, during the procedure of updating the Microsoft Azure platform on December 5, 2019 with the aim of adding some new features. In this statement, the US firm explains: "Configuration errors are unfortunately common in the industry.
We have solutions to avoid these kinds of errors, but unfortunately they have not been activated for this database. As we've learned, it's a good place to periodically review your own configurations and make sure you get all the protections available. »
Microsoft risks by this umpteenth leak to tarnish its brand image, especially as not more than last weeks, a vulnerability on Windows was discovered, requiring the intervention of the NSA.
Now access an unlimited number of passwords: