250 million Microsoft customer support records, spanning 14 years were exposed online without password protection. The Azure database was exposed from December 5 to December 31, 2019.
Misconfigurations are unfortunately a common error across the industry. We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. — Microsoft Security Response Center Team, January 22, 2020 Blog
Overview – MSFT Support Data Breach
Microsoft has revealed it suffered a security breach in its customer support database.
In a blog post, MSFT said that it was accidentally exposed online between December 5 and December 31, 2019.
The database consisted of a cluster of five Elasticsearch servers on Azure.
They contained 250 million entries, with data such as email addresses, IP addresses, and support case details.
Microsoft said most of the records didn’t contain any personal user information (PII).
But there were some cases where customer support requests included non-standard formatted data.
In those cases, the data was not redacted and remained in the exposed database.
Microsoft said it notified impacted customers and that it hasn’t found any malicious use of the data.
Microsoft blamed the server exposure on misconfigured Azure security rules it deployed in December 2019.
Forbes and security provider Sophos both reported on the breach.
Enterprises Impacted – Microsoft Support Data Breach
If your enterprise was impacted by the Microsoft support data breach you will receive a notification letter from Microsoft. It’s important to know that Microsoft will never call you regarding a data breach incident. If you do get a call, it is most likely a scammer.
How is US Cloud Microsoft Support Data Secure?
US Cloud is receiving a steady stream of queries from current Microsoft Premier (now Unified) support customers who are considering US Cloud as a third-party alternative for enterprise Microsoft support services. With the recent Microsoft breach, enterprises are concerned about the security of their support data.
Here is how US Cloud is different regarding Microsoft’s customer support data breach:
All US Cloud Premier Support databases are encrypted in transit and at rest.
All US Cloud Premier Support databases are stored in a secure private cloud.
US Cloud Premier Support databases are pruned to limit multi-year spanning.
Optimize MSFT Support Costs Now to Emerge Stronger Than Competitors
Gartner has identified US Cloud as the only independent third-party support alternative to Microsoft. Enterprises can replace MSFT Premier/Unified with US Cloud and drop an immediate costs savings of 30-50% in year 1.