1 min

Tags in this article

, , ,

A problem with a Microsoft ElasticSearch database has put 250 million users’ data on the street. The settings of the database were simply set to ‘public’ by accident.

The problem was discovered by Bob Diachenko, a security researcher at Security Discovery. Diachenko regularly discovers these kinds of high-profile data breaches. The data exposed by Microsoft includes customer service records that date back some 14 years, and includes email addresses, IP addresses, and support information. Microsoft did let it be known that most records do not contain any personal information.

In response to the configuration failure, Microsoft added that it will check its network security rules and expand the scope of tools that detect misconfigured security rules.

Common Error

“Misconfigurations are unfortunately a common error across the industry,” Microsoft’s Security Response Center stated. “We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. As we’ve learned, it is good to periodically review your own configurations and ensure you are taking advantage of all protections available.”

Chris DeRamus, co-founder of security firm DivvyCloud, told SiliconAngle that configuring a cloud server incorrectly is all too common. Recent incidents have occurred at companies such as Rubrik, Voipo, Gearbest, Meditab and Dow Jones.