Microsoft has admitted it exposed nearly 250 million customer service records owing to “misconfiguration of an internal customer support database” used for tracking support cases that included logs of conversations between Microsoft support agents and customers from all over the world.
All of the Microsoft customers” data was left accessible to anyone with a web browser, with no password or other authentication needed, it was reported first by the Comparitech security research team led by Bob Diachenko.
“While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and hold ourselves accountable,” Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group at Microsoft said in a statement late Wednesday.