[ad_1]
A series of security reports released over the weekend raised serious concerns about Microsoft's transparency following a recent data breach.
TechCrunch announced Saturday that hackers had been able to access the company's email service after compromising a customer support account. Microsoft has confirmed that someone using MSN.com, Hotmail.com, and Outlook.com accounts is affected, although it is difficult to determine the number.
The company contacted at least some affected users and assured them that the "contents of any email or attachment" had not been accessed. Regardless, he asked them to change their passwords.
The flaw, Microsoft said in an e-mail addressed to some customers, was limited to certain metadata, including folder and e-mail account names, as well as some limited content, such as e-mail subject lines. In a statement to TechCrunch, he also described the number of accounts assigned as "a limited subset of consumer accounts."
An email addressed to customers, including: used. (Note: In the eyes of the law, e-mail subject lines are actually considered content and not metadata.)
But when TechCrunch contacted Microsoft about the flaw, Mirosoft seems to have kept the worst of the news: e-mails have been compromised in some cases. The motherboard followed up with a leak, describing the full extent of the incident:
"[T]The problem is far worse than previously reported, as hackers can access email content from a large number of Outlook, MSN and Hotmail email accounts, according to a source that has witnessed the problem. 39; attack and described it before the Microsoft statement. as screenshots provided to the motherboard. "
In response to Motherboard's inquiries, Microsoft admitted that hackers had in fact had access to the e-mail content of certain customers. He also said that customers whose e-mails had been compromised in this way were warned, which shows that he was aware that the problem was more serious than he had announced at his first interrogation. by TechCrunch.
This is not a good look at it. Although the company now claims that only 6% of accounts accessed by hackers have access to email content have been compromised – 6% of what you may be asking for; The company did not say: its credibility is now questioned because it has not been direct with the extent of the damage.
Microsoft had the opportunity on Saturday, when it was approached for the first time by TechCrunch, to be completely transparent. But it was only when someone leaked information on the motherboard that Microsoft came in pure form.
"Really, what did Microsoft think would happen," Joseph Cox reported tweeted. "Inform only journalists of the exposure to the metadata, and then … do you expect everything to go well when someone discovers the content of the email?" Trying to keep the parts of a gap under the veil is never a good idea. "
The most detailed details of how the violation was committed remain largely unclear. Gizmodo asked Microsoft for additional information, but received an answer right away.
Since almost all businesses are likely to experience security breaches at one time or another, their choice to react publicly and full transparency with victims matters a lot. This can mean the difference between the fact that consumers are completely outraged by an offense or grateful that a company is taking immediate and appropriate action.
Microsoft does not have a long time to explain and we will update it if they do.
[TechCrunch, Motherboard]
[ad_2]
Source link