Microsoft Site Reveals Confidential Customer Data

Microsoft says it has plugged a security hole in its own Web site that allowed virtually any user to access a large amount of its private data about customer transactions and other confidential information

Paul Thurrott

October 10, 2001

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Microsoft says it has plugged a security hole in its own Web site that let virtually any user access a large amount of its private data about customer transactions and other confidential information. The hole involved an internal sales database that was mistakenly connected to the site's search functionality, letting anyone with a Web browser and the right know-how view customer service records. A security expert found the hole and notified Microsoft immediately.

"We were notified of this, we fixed the problem, and we're reviewing our internal systems to make sure proper procedures are followed to make sure this doesn't happen again," a Microsoft representative said. "This was a case of human error, and we will remain vigilant in our efforts to protect customer information and will not accept any breakdowns or failures in this process."

The hole revealed information about customers who had purchased Microsoft products directly from the company, exposing customer names and shipping information, as well as phone numbers and email addresses, although no credit card numbers were exposed. Adrian Lamo, the security expert who discovered the information, performed a similar hack on Yahoo!'s site last month, when he succeeded in breaking into the site and changing news stories.

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like