Microsoft had practically no security measures in place for listening to Skype and Cortana recordings by external contractors. In some cases, employees did that on their personal laptops from China. The log-in portal was also poorly secured.
That writes The Guardian after conversations with employees who translated or unsubscribed. This includes Skype’s conversations, and voice recordings that were spoken to smart assistant Cortana. Microsoft hired external companies who listened to such recordings for quality improvements. “Employees were barely screened,” one such employee told the British newspaper. The employees had to log in on a web portal to listen to the recordings.
That web portal was accessible from any computer, says the source of The Guardian. Employees were therefore able to open the recordings on their personal laptops. Some contractors worked from China, and listened to the recordings via the strictly monitored Chinese internet. This involved British and American users. The security of the portal was poor. It only needed a username and password, but no two-step verification. In addition, in some cases one account was created that was shared with several employees. That happened because of the convenience, the employee says. In addition, the login data in plaintext were sent to employees via email.
Microsoft, along with many other major tech companies, came under fire in the summer of 2019 because of listening in to recordings of users. At Microsoft it was about live translations made via the Skype chat app, and recordings of smart assistant Cortana to improve their quality. It involved a small, random selection of recordings that could be listened to by human employees. Employees also listened to recordings at Google, Apple and Amazon. Many of those listening-in programs have since been discontinued.