Microsoft breach - Msft support data breach

250 million Microsoft customer support records, spanning 14 years were exposed online without password protection. The Azure database was exposed from December 5 to December 31, 2019.

Misconfigurations are unfortunately a common error across the industry. We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database.  — Microsoft Security Response Center Team, January 22, 2020 Blog

Overview – Microsoft Support Data Breach

  • Microsoft has revealed it suffered a security breach in its customer support database.
  • In a blog post, MSFT said that it was accidentally exposed online between December 5 and December 31, 2019.
  • The database consisted of a cluster of five Elasticsearch servers on Azure.
  • They contained 250 million entries, with data such as email addresses, IP addresses, and support case details.
  • Microsoft said most of the records didn’t contain any personal user information (PII).
  • But there were some cases where customer support requests included non-standard formatted data.
  • In those cases, the data was not redacted and remained in the exposed database.
  • Microsoft said it notified impacted customers and that it hasn’t found any malicious use of the data.
  • Microsoft blamed the server exposure on misconfigured Azure security rules it deployed in December 2019.
  • Forbes and security provider Sophos both reported on the breach.

Enterprises Impacted – Microsoft Support Data Breach

If your enterprise was impacted by the Microsoft support data breach you will receive a notification letter from Microsoft.  It’s important to know that Microsoft will never call you regarding a data breach incident.  If you do get a call, it is most likely a scammer.

How is US Cloud Microsoft Support Data Secure?

US Cloud is receiving a steady stream of queries from current Microsoft Premier (now Unified) support customers who are considering US Cloud as a third-party alternative for enterprise Microsoft support services.  With the recent Microsoft breach, enterprises are concerned about the security of their support data.

Here is how US Cloud is different regarding Microsoft’s customer support data breach:

  • US Cloud Microsoft Support Data at Rest EncryptionAll US Cloud Premier Support databases are encrypted in transit and at rest.
  • All US Cloud Premier Support databases are stored in a secure private cloud.
  • US Cloud Premier Support databases are pruned to limit multi-year spanning.


Microsoft Premier (Unified) Support Alternative - US CloudAs of February 1, 2020 many businesses will no longer qualify for Microsoft Software Assurance benefits.  Since August 1, 2018 Microsoft Premier Support customers have seen a significant and steady decline in both the quality and time to resolution when Microsoft announced their transition from Microsoft Premier to the Unified model.  In essence, Microsoft’s support focus has shifted from serving businesses to large enterprises. Those looking for an alternative should contact US Cloud.  Request a quote »