Commentary on Microsoft Data Breach by Sophos

Microsoft has recently announced a data breach that affected one of its customer databases through a blog article, entitled Access Misconfiguration for Customer Support Databases. It admits that between 5 December 2019 and 31 December 2019, a database used for “support case analytics” was effectively visible from the cloud to the world.

Microsoft did not give details on how big the database was. However, consumer website Comparitech, which says it discovered the unsecured data online, claims it was to the order of 250 million records containing “logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019”.

To help keep users safe and secure, Sophos is providing the following advice to avoid being scammed after this data breach.

Paul Ducklin, Principal Research Scientist at Sophos, said:

“Hundreds millions of records were exposed, but it sounds as though comparatively few people actually had recognizable email addresses in the leaked database. In other words, most people won’t actually receive warnings from Microsoft – but might well receive “warnings” from crooks claiming to be Microsoft.

Remember: don’t click on links in security warnings, even if you think they’re real. That way you will avoid ending up on phishing sites by mistake, and you won’t put in your password where you shouldn’t. Find your own way to any login pages you use, and never let yourself be frightened or cajoled into relying on contact data provided in an email.”

For more information, visit the Sophos portal.

Have a comment? Type it below!