Posted on 01/22/2020 2:26:58 PM PST by dayglored
A new report reveals that 250 million Microsoft customer records, spanning 14 years, have been exposed online without password protection.
Microsoft has been in the news for, mostly, the wrong reasons recently. There is the Internet Explorer zero-day vulnerability that Microsoft hasn't issued a patch for, despite it being actively exploited. That came just days after the U.S. Government issued a critical Windows 10 update now alert concerning the "extraordinarily serious" curveball crypto vulnerability. Now a newly published report has revealed that 250 million Microsoft customer records, spanning an incredible 14 years in all, have been exposed online in a database with no password protection.
Paul Bischoff, a privacy advocate and editor at Comparitech, has revealed how an investigation by the Comparitech security research team uncovered no less than five servers containing the same set of 250 million records. Those records were customer service and support logs detailing conversations between Microsoft support agents and customers from across the world. Incredibly, the unsecured Elasticsearch servers contained records spanning a period from 2005 right through to December 2019. When I say unsecured, I mean that the data was accessible to anyone with a web browser who stumbled across the databases: no authentication at all was required to access them, according to the Comparitech report.
[Much more, and many embedded reference links, at the link]
(Excerpt) Read more at forbes.com ...
Ironically funny...............
Maybe they could offer a password manager as an enhancement to Explorer. /S
Operating systems like Windows were designed so that advertisers, cookies, server farms could access your computer processes easily. They are primarily designed to work for the marketers and data miners. It’s why there are barn-door sized holes that hackers can drive Mack trucks through.
"...Those records were customer service and support logs detailing conversations between Microsoft support agents and customers from across the world..."
On the one hand, those were private conversations that could contain security-damaging exchanges and data.
On the other hand, they probably MOSTLY contained the same information as thousands of "support forum" pages on hundreds of public sites. The difference being that these are identified as real people and companies, not just anonymous forum handles.
Let's hope MS does better with their new JEDI contract.
The Boston Glob, when it was owned by the NYT, once reused computer printouts of its credit card customers' info to wrap the hot off the presses bundles of its fishwrap, literally putting all that info out on the streets of greater Boston.
That was for a fairly limited time, not 14 years.
Someday a password manager company is going to be hacked. They have to be the juiciest targets around.
I forgot the "/S". My bad.
Aw, gee whiz, Mr Wilson
First, my complete Office of Personnel Mgmt info, back to ‘80 was stolen by the Chinese!
Then, it was Yahoo, and all my stuff there!
Then, it was Capital One!
Now, it is Microsoft!!!!!
Most of those recorded sessions probably went something like this:
“First, is your computer plugged in? Second, have you tried Ctrl-Alt-Delete? Third, is your mouse plugged in?”
Exactly what I first thought.
This probably really helped out those spammers from India who claim to be from Microsoft. If you could recite past info then it would add to their credibility.
Gee
If you give any information to any company of significant size, you should expect that information will get out into the wild. Any promises of privacy or data protection are functionally unenforceable and moot once the data is out there.
Yes, apparently Jeff Daniels and Jim Carrey were in charge of Microsoft security.
PING!
Feeling happy I’ve never called Microsoft support.
I won’t use those for fear that it will get hacked someday. Just a matter of time.
Over the years I’ve contacted them several times. The outfit I worked for had a natural Affinity for breaking things. We stumped them a few times.