Microsoft Says Some Webmail Accounts Were Compromised (techcrunch.com)
A "limited" number of users of Microsoft's webmail services -- which include Hotmail, Outlook.com, and MSN -- "had their accounts compromised," TechCrunch reports.
"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said a Microsoft spokesperson in an email. According to an email Microsoft has sent out to affected users, malicious hackers were potentially able to access an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with -- "but not the content of any e-mails or attachments," nor -- it seems -- login credentials like passwords. Microsoft is still recommending that affected users change their passwords regardless.
The breach occurred between January 1 and March 28, Microsoft's letter to users said. The hackers got into the system by compromising a customer support agent's credentials, according to the letter. Once identified, those credentials were disabled. Microsoft told users that it didn't know what data was viewed by the hackers or why, but cautioned that users might as a result see more phishing or spam emails.
Why can a customer support agent see this stuff? (Score:1)
Why do these random low-rent people get to look through email addresses, contacts, subjects, and organizational folder hierarchies?
Re: (Score:1)
If Google had support then it would be no different with them. Google side-skirts the issue by not offering any support whatsoever.
A limited number? (Score:2)
Based on the phishing emails sent... (Score:3)
... there are likely to be thousands of O365 accounts affected. It is rare that I don't see a half-dozen different organizations represented in "please look at this invoice" or "please review your payment" emails sent to our system accounts, each personalized for the company whose O365 accounts have been hijacked.
If one of our corporate clients had not switched over to O365 for their email services last year, I'd block anything coming from an outlook.com server, because it is rare that it is NOT a phishing email.
Alternate headline and article... (Score:2)
Everybody who didn't pay for a Microsoft email account had the entire contents of their mailbox at risk for the past 6 months...
"...the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access
Whose creds, again? (Score:2)
... got into the system by compromising a customer support agent's credentials, according to the letter.
Emphasis mine. So that bloke and everyone else with his access level can read your address book, subject lines, and folder names... by design? WTF, Microsoft?