Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

eatmorekix writes: On Saturday, Microsoft confirmed that some users of the company's email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers' email accounts such as the subject lines of their emails and who they've communicated with. But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft's statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access to the content of some customers' emails.

Hackers! Reading email! With hacks! Hacking!

[Anonymous Coward]

Another headline that promises sensationalist clickbait bullshit and little else.

How about some real articles, slashdot edito.... n'mind.

I'd consider that quite a feat

[damn_registrars]

I've been trying to get back into my old hotmail address (really just out of curiosity at this point) for years now. I had a hotmail address back in the stone age of the service (before Microsoft had even bee rumored to be interested in buying it) and then I walked away from it. However the address still exists (emails can go there, and Microsoft won't let anyone sign up with it as a new address) but the password recovery / password reset tool doesn't work for it. If I try to reset the password I end up

Re:

[Anonymous Coward]

Yeah, I have an ancient pre-Microsoft Hotmail account - 7 letters (my name)@hotmail.com. I'm absolutely certain that Microsoft would do fuck-all in the event of me being locked out of my account.

I get a LOT of email meant for other people - if I'm bored, I sift through it and fire off some replies. I know how to live.

Re:

[Howitzer86]

Even if it's still there, there's a good chance it's cleaned it out and disabled. I registered mine back when Hotmail was still the name, but then a Gmail invite came from a friend and eventually I stopped logging into it. By the time I did it was basically a new account activation but with a "Welcome back" message. I lost all the old emails and contacts thanks to that.

Re:

[damn_registrars]

FWIW I haven't considered my old hotmail address to be valuable for anything for a long, long time. I mostly used it to register on geocities and other unimportant things (and some things that a younger version of myself thought were important at the time). It is highly unlikely that anyone who I would want to be in contact with would have ever attempted to contact me at that address, received no reply, and given up - while I'm not on facebook I am found in enough other places that finding a current email

Re:

[Shotgun]

an embedded tiny computer running MINIX in every Intel CPU sold (outside the US gov), combined with a low speed wireless interface on ALL Intel motherboards (unless the computer is in a Faraday cage) makes external exploits crude by comparison.

Faraday cage? You mean like those metal boxes that most people put their motherboards in?

You can abuse Microsoft Support?

[mykepredko]

Sounds nice after all the abuse and indifferent service I've gotten from them over the years.

Re:

[SeaFox]

I don't think we should abuse Microsoft Support. Their jobs are punishing enough already trying to come up with excuses for people for all the bugs in the products.

Better Title: Microsoft Abuses User Trust

[Anonymous Coward]

Why should anyone at MS have access to your hotmail account in the first place, let alone at customer support?

Duh

[nullchar]

Every admin reads email. Which BOFH doesn't have that t-shirt?

Use GPG or host your own with TLS. And even then, the other party must admin their own email with TLS, then you need Dnssec and other measures to prevent downgrade attacks.

Only safe way is encryption. And self hosting when you can't. And don't send anything important over email.

Re:

[account_deleted]

Comment removed based on user account deletion

hacked via phone

[BringsApples]

Hacking people over the phone is a lot easier than it should be. Every time I call an ISP for one of my clients, they ask me my name. then, "Oh sorry sir, your name is not in our records. I'd need to speak with the person listed as their manager. Then I just ask if the manager's name is whoever the manager really is. They tell me yes. Then I put them on the phone (I hand them the phone that's got the ISP on it already). The manager tells the ISP, "Yes, put BringsApples on the list of admins." Then I

So is MS going to pay the ransom?

[jrumney]

Now that anonymous hacker's story about hacking my email is shown to be at least partially true due to Microsoft's negligence, will Microsoft be paying into his bitcoin account to keep my private videos safe, or do I have to wait until they disclose the vulnerability in Internet Explorer that lets hackers access my webcam even if I use other browsers to view porn sites?