Misconfigured security command exposes 250 million Microsoft customer records


Microsoft has revealed a misconfigured security command was the culprit behind a leak of one of Microsoft’s internal customer support databases that exposed some 250 million customer records.

“Our investigation has determined that a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data,” explained the Microsoft Security Response Center team.

“Upon notification of the issue, engineers remediated the configuration on December 31, 2019 to restrict the database and prevent unauthorized access. This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services.”

Read more…
Source: ITPro