Microsoft: Email Content Exposed in Customer Support Hack

Upgraded Warning Begs Questions About Compromise
Microsoft says intruders targeting its email services had access to email content for a single-digit percentage of the overall affected accounts, a more serious conclusion than first thought.

But the company hasn't released many details, including the total number of accounts affected.

TechCrunch reported Sunday that Microsoft was sending notifications about an email account breach that occurred between Jan. 1 and March 28. The breach potentially exposed email addresses, email subject lines, folder names and other email contacts. But it wasn't believed that attackers had access to actual email content.

That's now changed in light of a report in Vice's Motherboard on Monday, which says a source told it that the intruders did have full access to email content.

Advice: Reset Passwords

Motherboard's source provided a redacted screenshot showing the full content of an email, which the publication showed the company.

Microsoft sent at least one version of a breach notification email to users last week, which someone linked to on Reddit. The company said a customer support representative's account credentials were compromised and allowed access to accounts. The credentials were disabled when Microsoft discovered the problem.

Microsoft sent at least one version of a notification to customers affected by the email intrusion. (Source: Reddit)

"Our data indicates that account-related information (but not content of any emails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used," the notification says.

The company warns, however, that users could see phishing emails or spam. Although login credentials were not compromised, Microsoft nonetheless advises resetting passwords.

Number of Affected Accounts: Unknown

There are many lingering questions about the incident. Motherboard reports that its source contends the intrusion lasted six months or more, but Microsoft is sticking by its own three-month assessment.

The total number of accounts affected is also unclear. Microsoft told Motherboard that 6 percent of the affected accounts had full email content exposed. But that percentage is without perspective, because the total number of accounts affected has not been released. Microsoft's email services are used by hundreds of millions of people.

Microsoft officials contacted in Sydney on Tuesday did not provide information beyond what is already public.

Motherboard says it was tipped off about the hack last month before Microsoft confirmed it. The publication's source says the attack technique gave access to all types of accounts except for corporate ones, which are paid-for accounts.

Other screenshots provided by the source showed that hackers would also have been able to see account information, such as birth dates, calendars and login histories. The customer support account that was compromised likely belonged to a highly privileged user, Motherboard reported.

Motherboard's source also claimed that the access to email accounts was being leveraged to unpair Apple devices from iCloud accounts.

Apple ties devices to iCloud accounts so that if a device is lost, it is for the most part unusable unless it can be decoupled from its iCloud account. But as Motherboard reported in February, there are numerous methods for trying to unlock a phone, from social engineering Apple employees to asking for iCloud credentials when mugging someone for their phone.

About the Author

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
