Thanks Bink for this! Microsoft took a public file server offline Tuesday after Internet users discovered that the system contained scores of internal Microsoft documents, including a huge customer database with millions of entries.
The file transfer protocol server ordinarily enables Microsoft customers to download drivers, software patches and other files, as well as to upload files to the company"s Product Support Services team.
But due to what experts say was an ineffective internal security policy, the public was able to have full access to folders containing confidential company presentations, spreadsheets, internal reports and other company information.
Among the files accessible to any Internet user was a 1 GB database containing millions of names and mailing addresses. The data was kept in a compressed archive named dmail_11_04_02.zip. The file, which was protected with the password "dbms," was easily opened with freely available password-cracking software.