Hackers reported they compromised a Microsoft Corp. support agent’s credentials. This allowed the hackers gain unauthorized access to the company’s web-based email services like Outlook, MSN and Hotmail in the last three months of the year 2019.
This breach not only exposed information pertaining to some customer’s email accounts, but also the emails themselves according to areport by TechCrunch.
Microsoft informed the affected customers via email. One of those emails was posted by one of the users posted on Reddit: “We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account,” the message states. “This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails and the names of other email addresses you communicate with), but not the content of any emails or attachments, between January 1st 2019 and March 28th 2019.”
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson in comments provided to SC Media. The company also said that the total number of impacted customers was “limited” and that only about six percent of this affected group had their email content exposed.
It is unclear exactly how many customers were affected. An anonymous source said that the malicious hackers had access to Microsoft’s customer support portal, potentially enabling them to access any email account, provided it wasn’t a corporate- or enterprise-level account.
In its notification, Microsoft says it responded to the threat by disabling the compromised credentials and forbidding their future use of this account’s employee.
Although the company says it is not aware of the actors’ motives,
Microsoft has warned customers to look out for targeted phishing attacks
that leverage stolen information as a way of seeming more legitimate.
“For example, a phisher could use the same subject line as a recently sent or received email and add ‘Re:’ before to trick users into opening the email and possibly malicious documents that contain malware,” said Robert Vamosi, senior product marketing manager at ForgeRock. We recommend that “all users should make sure to check the sender’s email addresses of emails they receive to make sure they are legitimate.”
Microsoft recommends that users reset their email passwords as a precaution, even though customers credentials were apparently not impacted.
About the compromised support agent’s credentials, “There’s no doubt that Microsoft is scrambling to find out how the credentials were compromised, and to make changes so it doesn’t happen again,” Tim Erlin, vice president of product management and strategy at Tripwire. “When valid user credentials are compromised, it’s much more difficult to detect attacks because the activity seems legitimate. Clear, enforced separation of duties can help mitigate the scope of damage and force attackers into more detectable activities in order to escalate their level of access.”