Attackers Actually Able to Read User Emails — Microsoft Hacked

Microsoft support agent's email hacked, customer emails compromised

Microsoft support agent's email hacked, customer emails compromised

Microsoft confirmed during the weekend that cybercriminals managed to compromise the account of a support agent and then access users' email accounts. Enterprise users were unaffected.

A report from Motherboard and citing an unnamed source with knowledge of the hack reveals that the attackers could "gain access to any email account as long as it wasn't a corporate level account".

In an email being sent to affected users, Microsoft claims that apart from the content of the emails including attachments, the hackers could have possibly viewed account email addresses, folder names and subject lines of the mails sent and received, The Verge reported on Saturday.

The worry was that even limited information like email subject lines could enable malicious parties to concoct a more convincing phishing scam to aim at the user whose email they have (and they could also employ extra details like the names of friends, gleaned from the email addresses the user has contacted).

Inspection Bites Eight Drivers At Richmond
Inspections for tonight at Richmond Raceway for the Toyota Owners 400 has seen a slew of cars failing and being sent to the rear. ET start time is the traditional start time for NASCAR Cup Series night races this season (with a few exceptions).

Microsoft didn't specify how many accounts were compromised, other than telling TechCrunch that "a limited number of consumer accounts were impacted, and we have notified all impacted customers".

Microsoft clarified that this "affected a limited subset of consumer accounts" and that the malicious activity began at the start of January 2019 and ran through to nearly the end of March, so essentially lasted three months.

By the looks of things, the breach occurred as part of a broader attack for iCloud unlocks, as hackers attempt to gain control of email accounts in order to bypass iPhone activation locks.

With access to our cloud data and PCs in many cases tied to our Microsoft accounts, which are also our Outlook.com email addresses, Microsoft owes it to users to be more clear about the compromise, and also how they will prevent it from recurring in the future.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.