Most complaints about the data leaks were form the US and Microsoft said it was affecting on a “low-single digit” percentage of customers.

Now the company has completed its investigation into the leak and has reported that it’s a “third party” service that’s responsible.

Microsoft are refusing to name the culprit, though they are saying that “We are in contact with the third party to assist them in making the necessary fixes.” and that in the interim they were looking at “potential workarounds” to the problem.  One workaround for instance could involve the developer of said app coming clean and users uninstalling it until a new, bug-free, version can be released.  This could cause a company tremendous harm however in the long term which is what Microsoft are clearly trying to avoid.

It’s still also possible at this stage that the offending app has been written and deployed either by a carrier, AT&T have been mentioned, or by a handset manufacturer.

At this stage though it’s anybodys guess and its unlikely that Microsoft will ever spill the beans.  A software update for the offending software will appear and it’s possible that only if its a carrier’s fault will we find out.  They would do this to make sure that none of their customers are billed for the excess usage.

Either way it’s good to know the fault has been found and better to know that it’s not a serious flaw with the operating system itself.  We’ll keep you updated if and when further news about this is released.

Today, TechCrunch ran the follow up story citing a second source and offering some clarification why the Last.fm staff members denied the leak. According to the story it was CBS, not Last.fm directly, that leaked the data dump to the RIAA, or as is suggested one of the music labels.

CBS seems to have given in to the demand because of fear that the streaming rates could be negatively impacted if they did not.

We believe CBS lied to us when they denied sending the data to the RIAA, and that they subsequently asked us to attribute the quote to Last.fm to make the statement defensible. Last.fm’s denials were strictly speaking correct, but they ignored the underlying truth of the situation, that their parent company supplied user data to the RIAA, and that the data could possibly be used in civil and criminal actions against those users. We believe that the outrage they aimed at us for reporting the story, which was materially correct, should have been aimed at CBS instead. But Last.fm never spoke publicly of the real facts of the story.

If data has been leaked – and the article speaks of IP addresses and usage data – then this could very well be a privacy disaster for Last.fm and CBS.

Think of past stories like top secret information in a digital camera that got sold for a few pounds on eBay or the discovery of an USB stick outside a pub containing information about 12 million British citizens.

This time it was mere paper that was responsible for a data leak. Most users would think that pre-computer age politicians would know how to handle at least secure information on paper properly. This is apparently not the case as police chief Bob Quick managed to carry a document marked secret in public which immediately caught the attention of bystanding photographers.

The document, which can be viewed on the Guardian’s website contained information about an anti-terrorist raid. The details were extensive including names, addresses and command structures. The raid had to be conducted in bright daylight because of the security leak.

As Dante, who send me a link to the story points out: “It’s not just electronic security that
counts. It’’s also what happens when a user prints out the data.”