Microsoft said that applied to around 6 percent of a small number of impacted customers, although the company didn’t specify how many in total. When presented with this screenshot, Microsoft confirmed it had also sent breach notification emails to some users that did say the customer’s email content had been impacted.
They said the Microsoft support account used belonged to a high privileged user, meaning they likely have more access to material than other employees. On Sunday the source provided another screenshot of another page of the panel, with the label “Email Body” and the body of an email redacted by the source. Motherboard’s source, however, said that the technique allowed full access to email content. In its notification email, Microsoft said the hackers couldn’t access email content or attachments, and then in another section, that the company’s “data indicates” email contents could not have been viewed. The top of the panel has different sections such as “Profile,” “Mailbox Folder Stats,” “Admin Center,” and “Logon History.”
Some of the screenshots provided to Motherboard related to the attack show a panel with a list of account information that the hacker could access, including the customer’s calendar and birth date. Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on or email email adds that the hackers could have accessed email folder names, the subject lines of emails, and the names of other email addresses the user communicated with. “We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account,” an email from Microsoft to a victim, and posted to Reddit on Saturday, reads.
On Sunday, the source reiterated those details, and provided further information and screenshots of what kind of access the hackers had to Motherboard. The source described the attack, including how it relied on abuse of Microsoft’s customer support tool. This means that while paid, enterprise accounts that businesses pay for weren’t affected, normal consumer accounts were. In March, before Microsoft publicly confirmed the hack, the source told Motherboard that this abuse of a customer support portal allowed the hackers to gain access to any email account as long as it wasn’t a corporate level account.
0 kommentar(er)
