Incidents of data breach have been gracing the tech news throughout the previous year. Although the data breach in question also pertains to the lapsed year, it has come to light in January of 2020. Today, Microsoft officially announced a data breach that affected a customer database.
A consumer website called Comparitech claims to have discovered the unsecured database online and reported the issue to Microsoft. The website puts the tally of the exposed database to the tune of 250 Million records, which is a massive figure even by Microsoft standards.
The exposed database comprised of conversation logs between Microsoft’s support staff and customers from across the globe. These logs relate to a 14 year period from 2005 to the December of 2019. Once the issue was highlighted, Microsoft eventually secured the data.
As is the case with most data breaches, Microsoft is tight lipped about the actual quantum of the exposed database and the nature of data itself which was left exposed from Dec 5th, 2019 to Dec 31st, 2019. In its official statement, Microsoft has stated that the records in question were cleared of all personal information.
Given that clearing records of personal info is a daunting task, it is performed by automated tools. Microsoft has admitted that some personal records may not have been successfully cleansed from the database, leaving room for a potential misuse of such information.
Microsoft has stopped short of revealing the specifics of such omitted records. A cited example of exposed records is that of email IDs with a space in them. As a consolation though, Microsoft has promised to notify all parties individually whose info could not be cleansed by automated tools.
Whether this actually happens or not is yet to be seen but one thing is for sure, this will serve as a great opportunity for spammers and malware propagators. Even if you may not be affected, be prepared to receive a hefty bunch of emails enticing you to click on “links” to validate or secure your breached account.
To stay clear of any such cyber trap, strictly avoid clicking on any links embedded in emails, no matter how authentic the sender may appear. The safe presumption in this scenario would be that either your data was not part of the recently exposed database or it may have been cleansed by the automated tools used by Microsoft.