The trove of information is potentially a scammer’s bonanza.
Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams.
Microsoft said it is in the process of notifying affected customers.
The Comparitech security research team said that it ran across five Elasticsearch servers that had been indexed by search engine BinaryEdge, each with an identical copy of the database. The database contained a wealth of phishing- and scam-ready information in plain text, including: Customer email addresses, IP addresses and physical locations, descriptions of customer service claims and cases, case numbers, resolutions and remarks, and internal notes marked “confidential.”
In short, it’s everything a cybercriminal would need to mount a convincing and large-scale fraud effort, Comparitech researcher Paul Bischoff wrote in a posting on Wednesday.
“The data could be valuable to tech support scammers, in particular,” he said. “Tech support scams entail a scammer contacting users and pretending to be a Microsoft support representative. These types of scams are quite prevalent, and even when scammers don’t have any personal information about their targets, they often impersonate Microsoft staff. Microsoft Windows is, after all, the most popular operating system in the world.”
For More Details : https://threatpost.com/microsoft-250m-customer-service-records-open/152086/