Microsoft Exposed 250m Call Centre Records

Researchers have discovered that 250million Microsoft users’ call centre data was exposed thanks to an unsecured cloud.

The breach was discovered by Bob Diachenko, after five databases were indexed on a search engine on 28th December 2019.

Each database contained Microsoft Customer Service and Support (CSS) records that covered a 14-year period. Although the records didn’t contain passwords, they did contain phone conversations between Microsoft agents and customers that dated as far back as 2005.

The incident presented itself as a prime phishing target for cyber criminals as many of the records are said to have contained customer email addresses, IP addresses, support agent emails and notes regarding to the CSS case.

This would give cyber criminals the opportunity to impersonate agents and other companies, enabling them to infect victim computers and steal financial data.

Mr Diachenko informed Microsoft of the issue and the software giant was quick to respond by securing all of the data by December 31st.

Paul Bischoff, from Compareitech, said:

“With detailed logs and case information in hand, scammers stand a better chance of succeeding against their targets.

“If scammers obtained the data before it was secured, they could exploit it by impersonating a real Microsoft employee and referring to a real case number. From there, they could phish for sensitive information or hijack user devices.”