Hackers Spied on Microsoft Email Accounts Via Compromised Admin Login

Hackers Spied on Microsoft Email Accounts Via Compromised Admin Login

It’s possible some unknown group of hackers has been looking at your Microsoft email. Microsoft has cautioned users of Outlook, MSN, and Hotmail email accounts that unidentified individuals gained access to an internal customer support account. That allowed them to view data in a large number of user accounts. The issue has been corrected, but it’s not clear how long the breach went undetected or exactly what the attackers could see.

A source reached out to Motherboard several weeks ago with information about the breach, claiming that they’d accessed customer emails via leaked credentials for the Microsoft customer support portal. Microsoft later confirmed the breach in email warning sent out to users and provided some details to TechCrunch.

There is some disagreement over the severity. Everyone agrees that the support account gave hackers access to the subject lines, email history, and contacts for consumer accounts. Corporate accounts were not affected, but the damage for consumers extended to some Microsoft profile information including birth dates, mailbox folder names and stats, login history, and some calendar data. Microsoft says the hackers had access to the support portal for about three months, from January to March of this year. It says about 6 percent of customer accounts were exposed in the breach, but your password isn’t affected. Still, Microsoft recommends changing it out of an abundance of caution. If you have any doubt, check Have I Been Pwned.

The Microsoft support email, via /u/Keats852 on Reddit.
The Microsoft support email, via /u/Keats852 on Reddit.

According to Motherboard’s source, hackers may have had access to the body of emails as well. The source claims the compromised employee login came from a “high privileged” individual who had access to more data. As proof, they submitted a screen in the support portal with an “Email Body” field and redacted text. In addition, the source claims hackers had access to this account for more than six months, twice as long as Microsoft claims.

Regardless of exactly what data was exposed and for how long, Microsoft email users should take some precautions. At a bare minimum, access to your email history and contacts would make it vastly easier to concoct a convincing phishing email. At worst, the attackers may have gotten email bodies that contain sensitive information. Microsoft says it disabled the offending account, but it didn’t explain how it became compromised in the first place.

Continue reading

Someone Hacked Ray Tracing Into the SNES
Someone Hacked Ray Tracing Into the SNES

Surely, a game console from the 90s couldn't support ray tracing, right? Wrong. Game developer and engineer Ben Carter hacked ray tracing into the Super NES with a little help from an FPGA dev board.

New ‘Morpheus’ CPU Design Defeats Hundreds of Hackers in DARPA Tests
New ‘Morpheus’ CPU Design Defeats Hundreds of Hackers in DARPA Tests

A new CPU design has won accolades for defeating the hacking efforts of nearly 600 experts during a DARPA challenge. Its approach could help us close side-channel vulnerabilities in the future.

Knee-Deep in the LED: Hackers Get Doom Running on Ikea Smart Bulb
Knee-Deep in the LED: Hackers Get Doom Running on Ikea Smart Bulb

The devices capable of running Doom keep growing. Today's demonstration? Smart bulbs.

Switch Hacker Agrees to Pay Nintendo an Additional $10 million
Switch Hacker Agrees to Pay Nintendo an Additional $10 million

After spending the last few years making and selling Switch modding kits, Bowser has agreed to pay Nintendo $10 million in damages to settle a civil lawsuit. This is in addition to the restitution he was ordered to pay following his criminal conviction.