Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Microsoft Security Shocker As 250 Million Customer Records Exposed Online
Forbes ^ | Jan 22, 2020 | Davey Winder

Posted on 01/22/2020 2:26:58 PM PST by dayglored

A new report reveals that 250 million Microsoft customer records, spanning 14 years, have been exposed online without password protection.

Microsoft has been in the news for, mostly, the wrong reasons recently. There is the Internet Explorer zero-day vulnerability that Microsoft hasn't issued a patch for, despite it being actively exploited. That came just days after the U.S. Government issued a critical Windows 10 update now alert concerning the "extraordinarily serious" curveball crypto vulnerability. Now a newly published report, has revealed that 250 million Microsoft customer records, spanning an incredible 14 years in all, have been exposed online in a database with no password protection.

Paul Bischoff, a privacy advocate and editor at Comparitech, has revealed how an investigation by the Comparitech security research team uncovered no less than five servers containing the same set of 250 million records. Those records were customer service and support logs detailing conversations between Microsoft support agents and customers from across the world. Incredibly, the unsecured Elasticsearch servers contained records spanning a period from 2005 right through to December 2019. When I say unsecured, I mean that the data was accessible to anyone with a web browser who stumbled across the databases: no authentication at all was required to access them, according to the Comparitech report.

[Much more, and many embedded reference links, at the link]

(Excerpt) Read more at forbes.com ...


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: databreach; microsoft; microsoftsecurity; security; windows; windowspinglist
Navigation: use the links below to view more comments.
first 1-2021-33 next last
Yikes. Could be worse, but it's pretty awful.
1 posted on 01/22/2020 2:26:58 PM PST by dayglored
[ Post Reply | Private Reply | View Replies]

To: Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; AppyPappy; arnoldc1; ATOMIC_PUNK; bajabaja; ...
Microsoft security breach, WHOOPSIE ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

2 posted on 01/22/2020 2:27:54 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Ironically funny...............


3 posted on 01/22/2020 2:28:38 PM PST by Red Badger (Against stupidity the gods themselves contend in vain.......... ..)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Maybe they could offer a password manager as an enhancement to Explorer. /S


4 posted on 01/22/2020 2:31:04 PM PST by Pearls Before Swine
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Operating systems like Windows were designed so that advertisers, cookies, server farms could access your computer processes easily. They are primarily designed to work for the marketers and data miners. It’s why there are barn-door sized holes that hackers can drive Mack trucks through.


5 posted on 01/22/2020 2:32:23 PM PST by Fido969 (In!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored
From the article:
"...Those records were customer service and support logs detailing conversations between Microsoft support agents and customers from across the world..."
On the one hand, those were private conversations that could contain security-damaging exchanges and data.

On the other hand, they probably MOSTLY contained the same information as thousands of "support forum" pages on hundreds of public sites. The difference being that these are identified as real people and companies, not just anonymous forum handles.

Let's hope MS does better with their new JEDI contract.

6 posted on 01/22/2020 2:35:14 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored
Could be worse...

The Boston Glob, when it was owned by the NYT, once reused computer printouts of its credit card customers' info to wrap the hot off the presses bundles of its fishwrap, literally putting all that info out on the streets of greater Boston.

That was for a fairly limited time, not 14 years.

7 posted on 01/22/2020 2:41:03 PM PST by Calvin Locke
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pearls Before Swine

Someday a password manager company is going to be hacked. They have to be the juiciest targets around.


8 posted on 01/22/2020 2:44:01 PM PST by ProtectOurFreedom
[ Post Reply | Private Reply | To 4 | View Replies]

To: ProtectOurFreedom
Someday a password manager company is going to be hacked. They have to be the juiciest targets around.

I forgot the "/S". My bad.

9 posted on 01/22/2020 2:46:47 PM PST by Pearls Before Swine
[ Post Reply | Private Reply | To 8 | View Replies]

To: dayglored

Aw, gee whiz, Mr Wilson
First, my complete Office of Personnel Mgmt info, back to ‘80 was stolen by the Chinese!
Then, it was Yahoo, and all my stuff there!
Then, it was Capital One!
Now, it is Microsoft!!!!!


10 posted on 01/22/2020 2:46:52 PM PST by Terry L Smith
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Most of those recorded sessions probably went something like this:

“First, is your computer plugged in? Second, have you tried Ctrl-Alt-Delete? Third, is your mouse plugged in?”


11 posted on 01/22/2020 2:54:42 PM PST by ProtectOurFreedom
[ Post Reply | Private Reply | To 6 | View Replies]

To: dayglored
"Let's hope MS does better with their new JEDI contract."

Exactly what I first thought.

12 posted on 01/22/2020 3:09:01 PM PST by Tell It Right (1st Thessalonians 5:21 -- Put everything to the test, hold fast to that which is true.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: dayglored

This probably really helped out those spammers from India who claim to be from Microsoft. If you could recite past info then it would add to their credibility.


13 posted on 01/22/2020 3:13:27 PM PST by Revel
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Gee


14 posted on 01/22/2020 3:21:55 PM PST by a fool in paradise (We need a tax to stamp out Communism- If you espouse Marxism we’ll redistribute all of your money.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

If you give any information to any company of significant size, you should expect that information will get out into the wild. Any promises of privacy or data protection are functionally unenforceable and moot once the data is out there.


15 posted on 01/22/2020 3:21:59 PM PST by thoughtomator (... this has made a lot of people very angry and been widely regarded as a bad move.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored; 100American; 3D-JOY; abner; Abundy; AGreatPer; Albion Wilde; AliVeritas; alisasny; ...

Yes, apparently Jeff Daniels and Jim Carrey were in charge of Microsoft security.

PING!


16 posted on 01/22/2020 4:43:58 PM PST by Tolerance Sucks Rocks (Show me the people who own the land, the guns and the money, and I'll show you the people in charge.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ProtectOurFreedom
haha, literally it's this one:

To better assist you, please answer the following questions:

1. Did you make any changes to the system prior to the issue?
2. Do you have any third party security software installed in the computer?
3. Was the scan completed successfully?

I suggest you to try scanning the drives for error by following the steps below and check again.
1. Press Windows key + E.
2. Click "This PC".
3. Right-click the drive that you want to check, and then click Properties.
4. Click the Tools tab, and then, under Error-checking, click Check now. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Depending on the size of your drive, this might take several minutes. For best results, don't use your computer for any other tasks while it is checking for errors.

Let us know the result.

17 posted on 01/22/2020 5:39:02 PM PST by nicollo (I said no!)
[ Post Reply | Private Reply | To 11 | View Replies]

To: dayglored

Feeling happy I’ve never called Microsoft support.


18 posted on 01/22/2020 5:40:34 PM PST by mlo
[ Post Reply | Private Reply | To 1 | View Replies]

To: ProtectOurFreedom

I won’t use those for fear that it will get hacked someday. Just a matter of time.


19 posted on 01/22/2020 5:50:08 PM PST by Engedi (ui)
[ Post Reply | Private Reply | To 8 | View Replies]

To: mlo

Over the years I’ve contacted them several times. The outfit I worked for had a natural Affinity for breaking things. We stumped them a few times.


20 posted on 01/22/2020 5:57:24 PM PST by rockrr ( Everything is different now...)
[ Post Reply | Private Reply | To 18 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-33 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson