Microsoft admits data leak of 250 million users after customer service, support records were exposed on the web

A data breach of 250 million Microsoft users has been brought to light by the Comparitech security research team, which is led by Bob Diachenko. The researchers found that 250 million Customer Service and Support records were exposed on the web.

Microsoft has since acknowledged the data breach saying it was due to “misconfiguration of an internal customer support database”, which the company uses for tracking support cases. This includes logs of conversations between Microsoft support agents and customers of 14 years.

The company says it fixed the vulnerability on 31 December 2019.

The researchers reveal that most of the leaked data like “emails, contact numbers, and payment information” were redacted. However, a large portion of the leaked data reportedly was also in plain text, which included, but was not limited to, customer email addresses, IP addresses, locations, Microsoft support agent emails, case numbers, resolutions, and remarks and internal notes marked as “confidential”.