Hackers compromised support agent identification information to access customer email accounts – TechCrunch



After a mine of 773 million emails and tens of millions of passwords from various domains that were leaked in January, Microsoft faced another flaw in its webmail services.

Microsoft confirmed to TechCrunch that the number of its users who used Microsoft-managed webmail services (services such as @ msn.com and @ hotmail.com) was compromised.

According to an email sent by Microsoft to the concerned users (the reader who warned us received his late Friday night), malicious hackers have potentially been able to access the e-mail address of an assigned user, folder names, e-mail subject lines and names of others e-mail addresses with which the user communicates – "but not the contents of e-mails or attachments," Neither, it seems, login credentials as passwords.

Microsoft still recommends that affected users change their password anyway.

The breach occurred between January 1 and March 28, Microsoft's letter to users said.

Hackers have entered the system by compromising the identification information of a customer support agent, according to the letter. Once identified, this identification information was disabled. Microsoft told users that it did not know what data was being accessed by hackers or why, but warned that users could therefore see more phishing or spam emails. "Be careful when you receive emails from a deceptive domain name, an email asking for personal information or payment, or any unsolicited request from a non-compliant source." reliable."

We print the full text of the email below, but a separate email was sent to us by the Microsoft Information Protection and Governance team, confirming some basic details, adding that it increases the detection and monitoring of the accounts concerned.

Microsoft has recently become aware of a problem involving unauthorized access by cyber criminals to web-based email accounts of some customers. We solved this problem by disabling the compromised credentials for the limited set of targeted accounts, while blocking the authors' access. A limited number of consumer accounts were affected and we informed all affected customers. As a precaution, we have also increased detection and monitoring to better protect affected accounts.

TechCrunch understands that no business customer is affected.

At the present time, many questions remain. It is unclear how many people or accounts were affected, or in what territories they are located – but it seems that at least some were in the European Union, Because Microsoft also provides information to contact the Microsoft Data Protection Officer in the region.

We also do not know how the agent's identity information was compromised, whether it was a Microsoft employee, or whether that person was working for a third party providing support services. And Microsoft did not explain how he had discovered the breach.

We have asked Microsoft all of the above and will update this post as we learn more.

At this time when cybersecurity violations are revealed daily, email is one of the most commonly disclosed personal information items. A website has even been created to help people know if they are part of the hacked people. I was invited, as the site calls, now has more than 7.8 billion email addresses in its database.

We will update this post as we learn more. The Microsoft letter to the affected users follows.

Dear Customer

Microsoft is committed to providing customers with transparency. In order to maintain this trust and commitment to you, we inform you of a recent event that has affected your Microsoft managed email account.

We found that Microsoft technical support agent identification information was compromised, allowing people outside of Microsoft to access information from your Microsoft email account. This unauthorized access could have allowed unauthorized third parties to access and / or view information about your email account (such as your e-mail address, folder names, subject lines). e-mails and names of other e-mail addresses to which you communicate with), but not the contents of e-mails or attachments, between January 1 stst 2019 and 28 Marchth 2019.

As soon as he became aware of this problem, Microsoft immediately disabled the compromised credentials, forbidding their use for any other unauthorized access. Our data indicates that account information (but not e-mail content) could have been accessed, but Microsoft does not know why it was accessed or how it was used. As a result, you may receive phishing e-mails or other spam. Be careful when you receive emails from a deceptive domain name, an e-mail requesting personal information or payment, or any unsolicited request from an unreliable source (To learn more about phishing attacks, go to https://docs.microsoft.com/en-us/windows/security/threat- protection / intelligence / phishing).

It is important to note that your email login credentials have not been directly affected by this incident. However, as a precaution, you must reset your password for your account.

If you need additional assistance, or if you have additional questions, feel free to contact our Incident Response Team at [email protected] If you are a citizen of the European Union, you can also contact the Microsoft Data Protection Officer at the following address:

European Delegate for Data Protection
Microsoft Ireland Operations Ltd
A Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland
[email protected]

Microsoft regrets all the inconveniences caused by this problem. Be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in investigating and resolving the problem, as well as in strengthening the systems and processes to ensure that the data is safe and secure. avoid such a recurrence.


Source link