Microsoft is the latest victim of a massive data breach of customer support data.
Microsoft’s data related to customer service, which contained conversations and information exchanged between support agents and customers was recently leaked in plain text. The records were kept in a database indexed by BinaryEdge search engine and was equivalent to 14 years of customer data. The leaked data was from December 2005 to December 2019 and was accessible using just a browser.
The leaked data was available for 2 days and had various sections of sensitive information. Information such as email IP addresses, locations, descriptions of CSS claims, remarks, case numbers, internal notes, etc. were available to exploit. The most threatening part of this data leak is that the data was available in plain text, which is easy to access, modify and read.
Availability of such sensitive data in plain text opens the door for various cyber attacks and exploits. The data breach can not only pose a threat to victim’s cyber world but also can be used to cause physical damages as location was compromised. Microsoft however has secured the data within 24 hours of notification about the breach.
NPAV recommends to keep sensitive data under personal inspection as no matter how giant a corporation is, data breaches are increasing in an alarming rate. Always keep a secure data backup and keep security features and patches updated.
Use NPAV and join us on a mission to secure the cyber world.