Microsoft email accounts compromised in breach


By Dylan Bushell-Embling
Wednesday, 17 April, 2019



Microsoft has admitted that hackers had gained access to the email accounts of some Hotmail, MSN and Outlook email users for at least a three-month period by abusing a customer support portal.

The company may also have been caught out initially underselling the severity of the breach.

Microsoft first confirmed to TechCrunch on Saturday that a "limited" number of free Microsoft web-based email accounts had been compromised by malicious hackers, stating that the attackers were potentially able to access the affected users' email address, folder names, the subject lines of emails and other data, but not the contents of emails or attachments.

But after Vice's Motherboard published a report detailing the breach using details provided by "a source who witnessed the attack in action", the company confirmed that hackers had gained access to the content of some customers' emails as well. The company told Motherboard that email content had been affected for around 6% of the affected customers.

According to the source, the attack involved using a compromised, highly privileged customer support account to bypass the account login stage and access the content of email accounts. While the source claims that the breach took place over a six-month period, a notification sent to affected customers states that the accounts were exposed between January 1 and March 28 this year.

The notification states that no account login details were impacted, but still recommends that impacted customers change their passwords as a precaution.

Proofpoint Cyber Security Executive Vice President Ryan Kalember said privileged customer service accounts are an enticing target for cybercriminals.

"Because of the level of access that can be granted from a single compromised account, cybercriminals often target employees that are located deep within an organisation and are not necessarily known or actively tracked by the security team rather than target a company's infrastructure," he said.

"Customer service accounts are squarely in their crosshairs, both because of the level of access these credentials have and because these users often have to interact with untrusted links and attachments as part of their normal job functions. Clever attackers have also targeted shared [customer service] accounts, as these shared mailboxes reach many users and are difficult to protect with multi-factor authentication."

No paid enterprise email accounts were affected in the breach, according to Microsoft. The company said that in response to the breach it has disabled the compromised customer service credentials and has engaged its internal privacy and security teams to investigate the attack.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd