Friday night news dump: Microsoft says a compromised support agent’s credentials were used to hack into Outlook.com accounts earlier this year

    #365561

    From Tom Warren on The Verge: Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this
    [See the full post at: Friday night news dump: Microsoft says a compromised support agent’s credentials were used to hack into Outlook.com accounts earlier this year]

    3 users thanked author for this post.
    • #368884

      … but not “into” email content, login details or personal information.

      “…additional hardening of systems and processes to prevent such recurrence.”

      Hopefully two-factor authentication for support agents if their tasks are accessible externally?

      Passwords really are a pain for everyone, but there seems no agreement how to move beyond them (or even how to manage them for now, until something better comes along.)


      3 users thanked author for this post.
      • #398562

        Passwords and to a lesser extent tokens are a pain but they have one advantage over biometrics. They can be changed when needed, biometrics cannot. So we will be stuck with passwords and tokens into the future.

        Paraphrasing Churchill, Passwords are the worst security method but I cannot think of a better method.

    • #373226

      Has this not happened before with the dark net hack that has been for sale since Windows 10 was released? MS still has not fixed it. There is supposedly a vulnerability that lets anyone get into an outlook.com email account without a user password. The only requirement is that the user uses an Outlook email as their account in Windows 10.

    • #381153

      Any idea if this just affects outlook.com addresses or the entire outlook.com platform, including hotmail users?

      • #427253

        Any idea if this just affects outlook.com addresses or the entire outlook.com platform, including hotmail users?

        It has impacted everyone to my knowledge. I have had over 200 clients with Outlook and Hotmail call me up to say that they got an email from MS about being hacked and what they need to do. This is one of the reasons that I am recommending my clients move away from MS.

        • #432484

          That’s simply not true! There’s three Hotmail users right here in this house that have old original Hotmail addresses and not one of us has heard from MS about being compromised.

    • #390643

      If Microsoft is unable to secure their own equipment, HOW can we expect them to keep OURS secure???

      For me, this is ANOTHER reason to steer away from their stuff.

      Many thanks to Woody and the crew for doing what you do to keep us safe ! ! ! !

      Dave

      • #402084

        You blame Microsoft without knowing how the hack occurred? It reads very much like an employee failure.

        Social engineering can do more than trick a home user into running a dud program. Hacks are not always done by pimply child geniuses cracking a password.

        https://www.youtube.com/watch?v=Ck_r2GYLdCI

        Group A (but Telemetry disabled Tasks and Registry)
        1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
        2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

        1 user thanked author for this post.
        Ed
    • #393740

      Just another example of why I never use IMAP. POP and remove messages from the server. They’ll have to hack my machine, not MS, Google, Yahoo or whatever.

      Once had a client who had her business email account hacked and the perp monitored their activity for 2 months. Had everything – signatures, contacts, writing style – all of it. Client had a bank transfer of over $200,000 being made. Perp almost got it. Fortunately a girl at the bank had a gut feeling and called to double-check… which they had never done before.

      We were able to download the server logs and verify when he got in – due mainly to her weak password.

    • #398535

      Just another example of why I never use IMAP

      But you know the dangers of a weak password so it wouldn’t be an issue for you.

      Hacking is mainly phishing and poor passwords, with the occasional rubbish corporate remote access system (MS). All these are easy to fix, but education seems to be in short supply.

      cheers, Paul

    • #399933

      Just another example of why I never use IMAP. POP and remove messages from the server. They’ll have to hack my machine, not MS, Google, Yahoo or whatever.

      I too only use POP, and I delete messages from the server as soon as I have successfully downloaded my emails. My particular ISP doesn’t save emails. Once I delete emails, they are gone forever and my ISP can’t help to get any accidentally deleted emails back.

      • #410491

        Yeah, well.

        POP is fine as long as you don’t need such things as server-side folders or even sync to multiple devices… from *that* server. And as long as you take proper backups locally.

        Since people seem to want more features from their mail servers nowadays, it’s not very popular…

        Of course the *good* way to do multi-device mail is to have the other devices VPN into your own LAN where you have a server keep the mailboxes, just fetch from outside via POP. Then you can do whatever in there. Can also do spam filtering the *right* way without paying your ISP for that.

        Or, of course, have your own mail server infrastructure… trusted inside servers, locked down and hardened outside-facing servers, and filtering / intermediate processing in a DMZ.

        Heh, proper local processing… reminds me of the time I made a rule to generate a “541 5.7.1 Don’t do that” SMTP DSN reply, triggered by a specific spelling error, but still deliver the message… (well that and that particular spelling error was an unlikely one, only seen in the wild in someone’s out-of-office message that was triggered by each message to a busy list, and their mail server admin wouldn’t answer my calls.)

    • #422450

      … but not “into” email content, login details or personal information.

      Over the weekend several sites reported that a smaller subset of affected users’ email content could in fact have been accessed:

      Hackers in Microsoft’s webmail breach could read some users’ messages
      Most weren’t affected, but it’s still a dire situation.

      Microsoft admits Outlook.com hackers were able to access emails
      The security breach was worse for some than others

      Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support
      Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.

      • #434657

        There’s a lot of click-bait value in this story. Putting it into the BS filter, I don’t like that Techcrunch have nothing to substantiate what they say. All they do is say ‘Microsoft’. Who at Microsoft? We all know about officer rumors (or should).


    • #426014

      The hack is much worse than Microsoft admitted. Contents of messages in Outlook.com, MSN, Hotmail had been accessed too.

      “Microsoft said the hackers couldn’t access email content or attachments, and then in another section, that the company’s “data indicates” email contents could not have been viewed.”

      “Motherboard’s source, however, said that the technique allowed full access to email content. On Sunday the source provided another screenshot of another page of the panel, with the label “Email Body” and the body of an email redacted by the source. They said the Microsoft support account used belonged to a high privileged user, meaning they likely have more access to material than other employees.”

      https://motherboard.vice.com/en_us/article/ywyz3x/hackers-could-read-your-hotmail-msn-outlook-microsoft-customer-support
