Microsoft fixes ‘error’ that exposed customer database
Microsoft on Wednesday said it conducted an investigation into a security breach of one of its customer databases and found records could have been exposed for a short period in December.
A misconfiguration in a database’s Azure security rules on Dec. 5 enabled exposure of millions of customer support records, according to a blog post from Microsoft on Wednesday. After being alerted to the issue, engineers fixed the problem as of Dec. 31. The company says there was no malicious use of the data but is disclosing the breach to be transparent to its customers.
“Misconfigurations are unfortunately a common error across the industry,” the company said. “We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. As we’ve learned, it is good to periodically review your own configurations and ensure you are taking advantage of all protections available.”
Most customer data stored in the databases had personal information redacted, Microsoft said. The company said it’ll contact customers whose info may not have been redacted.
Bob Diachenko, a security researcher with Comparitech, discovered the security lapse on Dec. 28. He alerted Microsoft about the issue on Dec. 29, leading to the fix two days later.