Redmond, Regensburg, Köln - 23. January 2020 - Sebastian Evers
A security researcher (Bob Diachenko) discovered the freely accessible database, which consists of a cluster of five Elasticsearch servers.Upon Diachenko's report to Microsoft on December 31, 2019, the company secured the servers the same day.
The database includes anonymized analysis data. Among other things, information such as email addresses, IP addresses and extensive details on the respective support process. According to Microsoft itself, a large part of the data records did not contain any personal information of those affected. "As part of Microsoft's standard practices, data stored in the support case analysis database is processed with automated tools to remove personal information," the software giant continues.
However, this is not necessarily a reason for a sigh of relief. At least not for those affected whose email address was saved, for example, as " first name last firstname.lastname@example.org ". Users affected in this way would be informed promptly of the serious data leak. Misuse of the data is currently not known - but in such cases it cannot be excluded for later use.
It is already considered the largest German data leak. The personal data of more than three million customers of the car rental company Buchbinder have been vulnerable on the Internet for weeks - accessible to everyone in the form of database backups. Addresses and telephone numbers - some of them from celebrities and politicians such as Robert Habeck from the party "Die Grünen" - were found there.
Also accident reports, damage pictures of vehicles, e-mail traffic - five million correspondence files - invoices and contracts as well as access data of Buchbinder employees were accessible to everyone.
More than nine million rental contracts from the past sixteen years are freely visible: These contain data such as names, addresses, date of birth, driver's license information and information about any mobile phone numbers and email addresses, as well as information on payments and complete bank details.
Such a comprehensive collection of personal information is the holy grail for criminals. The potential for possible crimes that can be committed with it is unfortunately immense.