Users of Microsoft email services such as Hotmail, MSN and Outlook have been warned to be vigilant after the tech giant admitted some user accounts were compromised.
Over the weekend, TechCrunch reported that the accounts of some users of web email services managed by Microsoft, including @hotmail.com and @msn.com, had been compromised. MSN Premium Account An email was sent out to affected users last week, saying adversaries would have been potentially able to access information such as their email address, contacts’ email addresses and subject lines. However, the notification also said that potential attackers couldn’t view the content of actual emails or attachments. The breach, which took place for three months between January 1 and March 28, came after a customer support agent’s credentials were compromised. But then things got confusing. Motherboard reported that the issue is in fact worse than originally thought: Hackers were able to access email content from a large number of Hotmail, MSN and Outlook accounts. Motherboard attributes this information to a source who had witnessed the attack in action. The source told the site that hackers were able to access any email account apart from corporate level accounts. The source also demonstrated that adversaries were able to see a user’s calendar and birth date. What does Microsoft say? Microsoft wasn’t particularly clear at first, but it did reveal some information to me in a statement over email. “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson told me. The tech giant says its notification to the majority of those impacted noted that bad actors would not have had unauthorized access to the content of emails or attachments. “A small group (~6% of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support,” according to the Microsoft spokesperson. Microsoft has increased detection and monitoring for the affected accounts and recommended that users change their passwords. The firm told TechCrunch: “You should be careful when receiving any emails from any misleading domain name, any email that requests personal information or payment, or any unsolicited request from an untrusted source.” What is the impact? It looks like some users might have been affected by the first reported compromise and a smaller amount by the second. Anyone who has received a breach notification from Microsoft will be impacted. The first comment from Microsoft said only high-level information was affected. This would have shown a hacker who the person was communicating with, the subject of the email and the birth date of the individual. This is fairly limited information which would be difficult to act on, says Andrew Martin, CEO and founder of cybersecurity company DynaRisk. “These people could be targeted with phishing scams pretending to be Microsoft support to encourage the person to install a virus on their PC - which could hold the person to ransom or lead to identity theft.” However, if hackers could access email content, it is much more concerning. “There may have been additional information in those support tickets that could be used against the victim,” says Martin. “Again, the cyber criminal could send scams to the victim tailored to the information they found inside the communication with Microsoft. For example, if the hacker knew the person was having a problem say upgrading to Windows 10, they could send the victim a ‘free Windows 10 upgrade’ email which would contain a virus. “The attacker could also send the person a 'Microsoft Password Reset' email which could trick the user into giving up username/password details so the adversary could log into their social media, banking or other accounts to commit identity theft." Therefore, the affected should be extra vigilant, particularly when downloading files and clicking on links, says Dave Palmer, director of technology at Darktrace. Call 1-856-514-8666 for help and support of MSN Premium Account.
0 Comments
Leave a Reply. |
DisclaimerRenewmsnpremium.com is an independent online technical support provider website offering remote tech support services for third party brands, products and services. we offers paid support assistance for brands, products and services with which we have no direct or indirect affiliation unless such relationship is expressly specified. All third party brands, trademarks, logos, products and company names mentioned on this site are used for representation purposes only and that they belong to their respective owners. Archives
September 2021
Categories
All
|