
SoylentNews is people

posted by Fnord666 on Tuesday April 16 2019, @10:59AM   Printer-friendly
from the social-engineering++ dept.

Submitted via IRC for SoyCow1984

Microsoft: Hackers compromised support agent’s credentials to access customer email accounts

On the heels of a trove of 773 million emails, and tens of millions of passwords, from a variety of domains getting leaked in January, Microsoft has faced another breach affecting its web-based email services.

Microsoft has confirmed to TechCrunch that a certain “limited” number of people who use web email services managed by Microsoft — which cover services like @msn.com and @hotmail.com — had their accounts compromised.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson in an email.

According to an email Microsoft has sent out to affected users (the reader who tipped us off got his late Friday evening), malicious hackers were potentially able to access an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with — “but not the content of any e-mails or attachments,” nor — it seems — login credentials like passwords.

Microsoft is still recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft’s letter to users said. 



 
  • (Score: 3, Interesting) by VLM on Tuesday April 16 2019, @12:05PM (1 child)


    “but not the content of any e-mails or attachments,”

    1) Possibly they're lying or talking thru the nonsense journalist filter

    2) Possibly the unauthorized users COULD have accessed email texts and attachments but IDS monitoring and extensive (creepy big brother is watching stuff) proves they did not.

    3) Possibly they have a REALLY weird infrastructure; how does one implement this in practice using real IT terms and concepts such that someone has access to "From:" and "To:" lines in the email text but not the body or attachments? I'm just saying it sounds difficult to implement if you wanted to simulate this intentionally. Of course I've got a lot of unix-alike experience and maybe this insanity is normal for MS email server deployments for some weird internal design reasons (increase caching efficiency or something, maybe the unauth users only got access to cached data and not the actual data?) MS stuff is just weird so I could believe it.

  • (Score: 0) by Anonymous Coward on Tuesday April 16 2019, @01:53PM


    "Possibly they have a REALLY weird infrastructure"

    Not so much. The email text is small so it is processed by the FBI, the file attachments are large so they are processed by the NSA. Two databases with a common index, easy peasy.