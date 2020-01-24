Microsoft has admitted to exposing over 250 million of its customer service records a database error, leaving it vulnerable to attack. The company, through its blog post, stated that a security researcher had alerted them about the vulnerability in 2019, which was fixed within a span of two days.

The data was left vulnerable due to misconfiguration of an internal customer support database used for Microsoft support case analytics, said Microsoft. The Windows OS-maker states that it has found no malicious use of the vulnerable data, and wants to be transparent about the incident to its customers. The company holds itself accountable for the incident and is taking various measures to prevent such future occurrences.

The misconfiguration occurred after Microsoft had updated the new security rules on December 5, which led to the data being exposed. The company was notified on December 29, and it remediated the error by December 31. In spite of the data being vulnerable for 24 days, Microsoft claims that there was no breach of customer data.

Microsoft further notified that the issue was specific to its internal database used for support case analytics and had no effect on its commercial cloud services. Such errors are very common across the industry, according to Microsoft, which hadn’t enabled the tools that prevent such errors. The company suggests customers to periodically review their own configurations of the system.