Microsoft downplays customer support database error that exposed 250 million records
This could (and should) have been avoided.
Microsoft says it has wrapped up an investigation into a "misconfiguration of an internal customer support database" used for support case analytics, in which customer records were exposed.
"Our investigation has determined that a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data. Upon notification of the issue, engineers remediated the configuration on December 31, 2019 to restrict the database and prevent unauthorized access," Microsoft stated in a blog post.
Bob Diachenko, a security researcher with Security Discovery, found the improperly configured database and notified Microsoft. According to Comparitech and its security team led by Diachenko, the misconfiguration affected five servers, each of which contained an identical set of 250 million records.
"I immediately reported this to Microsoft and within 24 hours all servers were secured," Diachenko said. "I applaud the MS support team for responsiveness and quick turnaround on this despite New Year's Eve."
Microsoft points out that the "vast majority of records were cleared of personal information," the result of using automated tools to redact certain info. However, that wasn't the case for every record.
Comparitech says "many records contained plain text data," including customer email addresses, IP addresses, locations, descriptions of support claims and cases, support agent emails, case numbers and remarks, and internal notes marked as "confidential."
"Even though most personally identifiable information was redacted from the records, the dangers of this exposure should not be underestimated. The data could be valuable to tech support scammers, in particular," Comparitech says.
The security firm is correct, as tech support scammers can use the kind of information that was exposed to contact individuals and spoof Microsoft support, citing actual case numbers and other details that only Microsoft should know about.
Tech-savvy users already know to be wary of unsolicited emails and phone calls. However, given this recent incident, now is a good time to remind any less savvy family members and friends to be on the lookout for these types of scams.
Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).


