250 Million Customer Records Exposed Online, Microsoft Admitted Mistake, Microsoft admitted mistake, data of 25 crore users was breached

Microsoft has admitted that the service records of approximately 250 million (25 crore) customers have been compromised due to a “misconfiguration of the internal customer support database”. These records included data on support case interactions between customers and Microsoft employees around the world. All Microsoft customers' data was left open and could be accessed from a web browser. This data could be accessed by anyone without a password or any authentication required. The flaw was first reported by Bob Diachenko's CompariTech Security Research team.

In a statement, Microsoft's Corporate Vice President, Cybersecurity Solutions Group acknowledged the mistake and assured that no individual's personal data was misused. An investigation by Microsoft found that a change made to the database's Network Security group on December 5, 2019, accidentally introduced an incorrect security rule, causing the data to become openly available. The company says that this mistake has been fixed on December 31, 2019 and the database has now been made secure.

This record included log files of conversations that took place from 2005 to December 2019, i.e. over a period of 14 years. The company has apologized to all the users and has learned from this mistake and has also assured that such mistakes will not happen in future. The company has also thanked Bob Diachenko for helping fix this mistake.

This is not Microsoft's first lapse related to data security. Earlier in 2013, hackers had broken into the company's secret database. This database kept a record of problem tracking information in the company's software. After this, between January and March 2019, hackers hacked the account of a Microsoft support agent. Apart from this, the company has also acknowledged the possibility of data breach of some Outlook users.