The Comparitech research team, led by Bob Diachenko, immediately alerted Microsoft to the issue upon discovery and the tech giant swiftly moved to secure the data. “I immediately reported this to Microsoft and within 24 hours all servers were secured,” Diachenko said. “I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve.” The data breach appeared to be serious error on Microsoft’s part, but it looks like things aren’t as bad as they could have been. Most personally identifying data - things like email aliases, contract numbers, and payment information - were redacted from the reports. Many of the reports did contain other sensitive information though, including customers’ email addresses, IP addresses, locations, case numbers, and details of their support conversations. While we know what data was vulnerable, we don’t know how long this information was exposed for, nor do we know if anyone actually found it before Comparitech alerted Microsoft. The exposed data could be extremely useful to scammers, particularly tech support scammers who pose as tech support agents to gain customers’ secure passwords and account information. If you receive unsolicited communications from someone claiming to be working for Microsoft or any other company, be sure to verify their email address and never give them your passwords or bank account details. If you’re looking to protect yourself further online, consider looking at our best VPN services (opens in new tab) and best antivirus (opens in new tab) guides to secure your online activities. And if you don’t know what a VPN is, we’ve got a hand guide for that explains what is a VPN (opens in new tab), and why do you need one?
