Microsoft Email Hack Shows the Lurking Danger of Customer Support

Getty Images

On Friday night, Microsoft sent notification emails to an unknown number of its individual email users—across Outlook, MSN, and Hotmail—warning them about a data breach. Between January 1 and March 28 of this year, hackers used a set of stolen credentials for a Microsoft customer support platform to access account data like email addresses in messages, message subject lines, and folder names inside accounts. By Sunday, it acknowledged that the problem was actually much worse.

After tech news site Motherboard showed Microsoft evidence from a source that the scope of the incident was more extensive, the company revised its initial statement, saying instead that for about 6 percent of users who received a notification, hackers could also access the text of their messages and any attachments. Microsoft had previously denied to TechCrunch that full email messages were affected.

It may seem odd that a single set of customer support credentials could be the keys to such a massive kingdom. But within the security community, customer and internal support mechanisms are increasingly seen as a potential source of exposure. On the one hand, support agents need enough account or device access to be able to actually help people. But as the Microsoft incident shows, too much access in the wrong hands can cascade into a dangerous situation.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson told WIRED. The company says that “out of an abundance of caution” it has increased threat monitoring for accounts impacted by the breach. Microsoft would not comment to WIRED on the scale of the attack or provide the total number of impacted accounts.

Without more…

Follow Me

Peter Bordes

Exec Chairman & Founder at oneQube
Exec Chairman & Founder of oneQube the leading audience development automation platfrom. Entrepreneur, top 100 most influential angel investors in social media who loves digital innovation, social media marketing. Adventure travel and fishing junkie.
Follow Me

More from Around the Web

Subscribe To Our Newsletter

Join our mailing list to receive the latest news from our network of site partners.

You have Successfully Subscribed!

Pin It on Pinterest