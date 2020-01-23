A massive security breach impacting about 250 million Microsoft users has come to light. The company admitted to the breach taking place last year, between Dec 5 and Dec 31, 2019 though the same was also promptly rectified despite it being a New Year’s Eve. The company also attributed the leak to some Azure security rules that were imposed on Dec. 5 and might not have been configured properly.

The breach came to light after it was discovered by Bob Diachenko, a security researcher with Security Discovery who said it was the company’s internal support database that got leaked accidentally. Also, the database spread across five Elasticsearch servers that were found to have been left without proper security measures.

Diachenko however said all the five servers appeared to be storing the same data, which means it is a single set of data that has been compromised while the others appear to be a mirror image of it. Diachenko added he eventually informed Microsoft about the leak with the latter doing its part in plugging the hole fast enough.

As for the damage done, that isn’t likely to be too big of an issue considering that the database contained anonymized data devoid of personally identifiable information of any user. Specifically, it is email addresses of the users, their IP addresses along with details of the case for which Microsoft support was sought that got leaked.

Microsoft meanwhile also said there isn’t anything to be too worried about the leak considering that the database has been redacted to remove user’s info using automated tools as part of the standard operating procedure the company has in place. However, the above does not apply in those cases where the customer might have sought company support using non-standard formatted data.

The company said they have started informing those users who are suspected to have been impacted while a thorough investigation is also been conducted to ensure there isn’t a repeat of the same happening anytime again.