Home Page Navigation Contents Contact Sitemap Search

Microsoft data leak

250 mil­lion Microsoft sup­port data have been pub­licly acces­sible in December, enabling fraud­sters to poten­tially abuse these for phishing mails or tele­phone scams. Pro­tect yourself! 

Over the period from 5th to 31st December 2019, 250 mil­lion entries con­taining Microsoft cus­tomer sup­port data have been left unpro­tected and pub­licly acces­sible. Once noti­fied, Microsoft is said to have reacted and closed this data leak within 24 hours. Cus­tomer data affected are pur­port­edly going back as far as 2005. They include chat record­ings, e-mail addresses and loca­tion data.

The fear now is that fraud­sters will be able to abuse this infor­ma­tion to draw up plau­sible spam­ming or phishing mails. With Microsoft, it would also be con­ceiv­able that these data are used by tele­phone scam­mers. Fake tele­phone sup­port by pur­ported Microsoft sup­port staff has been a peren­nial scam for years. So far it is not known whether any unau­tho­rised people were able to access these data.

How to pro­tect yourself:

  • Imme­di­ately ter­mi­nate any unso­licited calls by pur­ported Microsoft, other IT sup­port com­pany or finan­cial insti­tu­tion employees. Never rely on a number shown on your tele­phone dis­play to be actu­ally correct.
  • Always call the offi­cial Microsoft, other IT sup­port com­pany or finan­cial insti­tu­tion offi­cial tele­phone number in case of any sup­port queries. These can be found on your bills or account statements.
  • Never dis­close any con­fi­den­tial infor­ma­tion, such as pass­words, during tele­phone calls.
  • Never use any links you receive by e-mail, SMS or mes­senger ser­vices, or scan in any QR codes to log into a Microsoft, IT sup­port com­pany or your finan­cial insti­tu­tion site.
  • Never fill in any forms received by e-mail asking you to enter log-in information.
  • Always enter the address for your online ser­vice provider or finan­cial insti­tu­tion log-in page man­u­ally via the browser address line.
  • Check there is an SSL con­nec­tion (https://, lock symbol) when calling up a log-in page, and verify that the Internet address shown in the address bar of your browser actu­ally indi­cates that you have reached the cor­rect page.

Addi­tional infor­ma­tion can also be found in our arti­cles on phishing and fraud­u­lent sup­port calls.

Learn how to effec­tively pro­tect your­self against Internet fraud­sters by attending our course!

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information