Sensitive Skype, Cortana recordings reviewed on insecured PCs in China
A few months ago, Motherboard made a shocking revelation that Microsoft has been sending "poorly secured" Cortana and Skype recordings to human contractors. Now, building on that claim, The Guardian has uncovered new details highlighting just how lax the Redmond giant's security practices really were when it came to protecting the sensitive conversations of its customers. Here's all about it.
Recordings sent to company in China with almost no security
After speaking to a former contractor employed by Microsoft, the outlet learned that for several years, recordings from Skype's language translation feature as well as Cortana were sent to a company in China. The data, as we previously knew, was sent for the purpose of review and grading, but according to the contractor, the firm in question took "no security measures" to protect it.
Workers allowed to review recordings on personal computers
The Chinese company allowed its employees to review Skype and Cortana recordings on their personal computers while working from their homes across Beijing. According to the contractor, the Chrome web app that provided access to the recordings only worked with a username and password. Beyond that, no additional security measures (like two-factor authentication) were used to prevent unauthorized access from homes.
Same passwords given to employees via email
More worryingly, the contractor claimed that the Chinese company gave the same password to the employees it hired for the grading job over a given year - for "ease of management". Also, the credentials it gave to the new workers were sent in plain text via email and these people weren't even properly vetted before being selected for the job.
Here's what the contractor said
"I heard all kinds of unusual conversations, including what could have been domestic violence," the contractor said. "It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email," he added.
Microsoft says its grading programs are not in China anymore
After the original Motherboard report, Microsoft said it had ended its grading programs for Skype and Cortana for Xbox and the remaining ones have been moved to secure facilities. "This past summer...we updated our privacy statement to be even more clear about this work, and since then we've moved these reviews to secure facilities in a small number of countries," Microsoft told The Guardian.
