Imagine checking your email and getting a message saying your account has been hacked. You never contacted the sender, have no idea what they’re talking about and don’t know why your account would be compromised. Yet somehow, the email arrived — which points to one probable cause: your address was leaked.
Data breaches and leaks are nothing new for most modern internet-dwellers, but it’s rare to see it happen to a major company or platform. When entities like Yahoo have breaches that affect billions of users, it becomes quite clear nobody is truly safe. Tap or click to see the fallout from one of the biggest hacks ever.
And when it comes to major companies, few are bigger than Microsoft. As the creator of Windows, Microsoft is closely connected with millions of PC owners from all over the world. And now, it’s announcing a huge database, with 250 million records, was exposed. If you use Windows, you don’t want to miss this.
Microsoft drops the ball
In a blog posted to the company’s official website, Microsoft announced that around 250 million of its customer support records were accidentally left on an open, unsecured server.
These records were used for analyzing support tickets, and several may have contained personally identifying information like email addresses. These records were left exposed during a period spanning from Dec. 5 to Dec. 31 of 2019.
This marks an unusual change of pace for Microsoft, which typically tries to stay ahead of the curve in terms of security. But as we all know, the results have been mixed. Tap or click here to learn more about the latest Windows security flaw.
Security researchers at Comparitech initially discovered the database before forwarding the information to Microsoft, which acted quickly and scrubbed the records of most personally identifying information. Out of an abundance of caution, it’s not claiming to have removed all of it.
The company does believe certain email addresses that contain blank spaces or were improperly formatted could have been missed by the scrubbing. Microsoft emphasizes the seriousness of the leak, and cautions users to be extra careful with emails they may receive in the near future.
I have a PC! Am I at risk?
From what we know, the issue seems to be related exclusively to users who called in for technical support. If you don’t remember doing so recently, you’re probably in the clear.
That said, it’s important to be aware of the information that was taken. From what Microsoft said, nearly all bits of personally identifying information were removed by the scrub — but data like email addresses may have been missed. This means your biggest threat will come from scam emails trying to scare you.
Following data breaches, it’s not uncommon for victims to get threatening emails that demand a ransom for their “compromised accounts.” Most of these emails are blatant scams. If only email addresses leaked, that’s the only piece of information these scammers have. The rest is pure social engineering.
To stay safe, you’ll need to use your best judgement and screen every email extra carefully. Even if it seems benign at first, be cautious with emails from people you don’t know. And whatever you do, avoid attachments! It’s one of the easiest ways to spread a virus.
It’s also an easy way to go from being a potential victim to a real one. If all this hack exposed is your email address, it’s best not to give hackers anything else to play around with.