Microsoft has acknowledged that the service records of approximately 250 million (250 million) customers are at risk due to a “misunderstanding of an internal customer support database”. These records included data on support case conversations between customers and Microsoft employees around the world. Data from all Microsoft customers was left open and could be accessed from a web browser. Anyone could access this data without a password or requiring any authentication. The lapse was first reported by Bob Diachenko’s Comparitech Security Research Team.

The Cybersecurity Solutions Group, Corporate Vice President at Microsoft, gave in to the lapse Statement I have acknowledged the mistake and also assured that no personal data of any person has been misused in this. An investigation by Microsoft has found that a change made to the network security group of the database on December 5, 2019, mistakenly applied an incorrect security rule, which made the data publicly available. The company says that this error has been corrected on 31 December 2019 and the database has now been made secure.

This record included log files of conversations that took place over a time span of 14 years, from 2005 to December 2019. The company apologized to all the users and while learning from this mistake, has also given assurance of not making such mistake in future. The company also thanks Bob Diachenko for helping to correct this mistake.

This is not Microsoft’s first data security lapse. Earlier in 2013, hackers broke into the secret database of the company. This database used to record the information that tracked the problem in the company’s software. After this, between January and March 2019, hackers hacked the account of a Microsoft support agent. Apart from this, the company has also acknowledged the possibility of data breach of some Outlook users.