Microsoft data leak

250 mil­lion Microsoft sup­port data have been pub­licly acces­sible in December, enabling fraud­sters to poten­tially abuse these for phishing mails or tele­phone scams. Pro­tect your­self!

Over the period from 5th to 31st December 2019, 250 mil­lion entries con­taining Microsoft cus­tomer sup­port data have been left unpro­tected and pub­licly acces­sible. Once noti­fied, Microsoft is said to have reacted and closed this data leak within 24 hours. Cus­tomer data affected are pur­port­edly going back as far as 2005. They include chat record­ings, e-mail addresses and loca­tion data.

The fear now is that fraud­sters will be able to abuse this infor­ma­tion to draw up plau­sible spam­ming or phishing mails. With Microsoft, it would also be con­ceiv­able that these data are used by tele­phone scam­mers. Fake tele­phone sup­port by pur­ported Microsoft sup­port staff has been a peren­nial scam for years. So far it is not known whether any unau­tho­rised people were able to access these data.

How to pro­tect your­self:

  • Imme­di­ately ter­mi­nate any unso­licited calls by pur­ported Microsoft, other IT sup­port com­pany or finan­cial insti­tu­tion employees. Never rely on a number shown on your tele­phone dis­play to be actu­ally cor­rect.
  • Always call the offi­cial Microsoft, other IT sup­port com­pany or finan­cial insti­tu­tion offi­cial tele­phone number in case of any sup­port queries. These can be found on your bills or account state­ments.
  • Never dis­close any con­fi­den­tial infor­ma­tion, such as pass­words, during tele­phone calls.
  • Never use any links you receive by e-mail, SMS or mes­senger ser­vices, or scan in any QR codes to log into a Microsoft, IT sup­port com­pany or your finan­cial insti­tu­tion site.
  • Never fill in any forms received by e-mail asking you to enter log-in infor­ma­tion.
  • Always enter the address for your online ser­vice provider or finan­cial insti­tu­tion log-in page man­u­ally via the browser address line.
  • Check there is an SSL con­nec­tion (https://, lock symbol) when calling up a log-in page, and verify that the Internet address shown in the address bar of your browser actu­ally indi­cates that you have reached the cor­rect page.

Addi­tional infor­ma­tion can also be found in our arti­cles on phishing and fraud­u­lent sup­port calls.

Learn how to effec­tively pro­tect your­self against Internet fraud­sters by attending our course!

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic courses

This basic course will point out cur­rent threats on the Internet and con­veys mea­sures as to how you can pro­tect your­self by taking some simple mea­sures.

fur­ther infor­ma­tion

Prac­tical courses

Learn and prac­tice the most impor­tant mea­sures for your com­puter and e-banking secu­rity on com­puters pro­vided by us.

fur­ther infor­ma­tion

Send this to a friend