Hackers could read your Hotmail, MSN and Outlook emails by abusing Microsoft technical support




On Saturday, Microsoft confirmed to TechCrunch that some users of the company's email service had been targeted by hackers. A hacker or hacker group first gained access to a Microsoft customer support account and then used it to access information about customers' email accounts, such as the subject lines of their emails and the people with whom they communicated.

But the problem is much worse than previously reported, with hackers accessing email content from a large number of Outlook, MSN and Hotmail email accounts, according to a source who witnessed the attack and described it before Microsoft's statement, as well as screenshots provided to Motherboard. Microsoft has confirmed to Motherboard that hackers had access to some customers' email content.

In March, before Microsoft publicly confirmed the hack, the source told Motherboard that this abuse of the customer support portal allowed hackers to gain access to any email account as long as it was not a professional-level account. This means that the paid business accounts that companies pay for were not affected, but ordinary consumer accounts were. The source described the attack, including how it relied on misuse of the Microsoft customer support tool. On Sunday, the source reiterated these details and provided Motherboard with additional information and screenshots of the hackers' access.

"We found that the identity information of a Microsoft support agent was compromised, allowing people outside of Microsoft to access information from your Microsoft email account," reads an email sent to a victim by Microsoft.


The email adds that hackers could have accessed the names of folders, the subject lines of emails and the names of other email addresses with which the user communicated. Some of the screenshots provided to Motherboard during the attack show a panel with a list of account information that the hacker could access, including the customer's calendar and birth date. The top of the panel has different sections such as "Profile", "Mailbox Folder Statistics", "Administration Center" and "Connection History".

In its notification email, Microsoft said that hackers could not access email content or attachments, and in another section, that the company's data "indicate that" the contents of emails could not be viewed.

Motherboard's source, however, said the technique allowed full access to email content. On Sunday, the source provided a screenshot of another page of the panel, labeled "Body of the email" and showing the body of an email written by the source. They stated that the Microsoft support account used belonged to a user with elevated privileges, which means that they probably had more access to resources than other employees.

When presented with this screenshot, Microsoft confirmed that it had also sent breach notification emails to certain users, stating that the customer's email content had been affected. Microsoft stated that this applies to approximately 6% of a small number of affected customers, but did not specify the total number of customers.

"We solved this problem, which was affecting a limited subset of consumer accounts, disabling compromised credentials and blocking authors' access," a Microsoft spokesman told Motherboard.

Microsoft, like many other technology giants, has the ability to scan or read user messages. In 2014, Microsoft viewed the email account of a French blogger to identify a leak in Windows 8.

In its breach notification email, Microsoft said that it had immediately disabled the compromised customer support account when the company discovered the problem. The source said Microsoft had noticed the attack at the end of March and that the hackers had had access for at least six months.

The source stated that this access was used for so-called iCloud unlocks, where hackers compromise the target's email or iCloud account to remove Activation Lock from their iPhone. Activation Lock is an Apple security feature that prevents thieves from factory-resetting stolen devices and reselling them.
