  • Friday night news dump: Microsoft says a compromised support agent’s credentials were used to hack into Outlook.com accounts earlier this year

    Posted on April 13th, 2019 at 11:51 by woody

    From Tom Warren on The Verge:

    Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this year. The software giant discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019. Microsoft says the hackers could have viewed account email addresses, folder names, and subject lines of emails, but not the content of emails or attachments.

    And of course we’re only hearing about that this morning — two weeks after the hack stopped.

    There’s a reason why Microsoft has PR people embedded throughout the organization. I’m just waiting for the first virus announcement with a fancy name and custom logo.


    This topic contains 15 replies, has 12 voices, and was last updated by SteveTree 2 days, 12 hours ago.

    • #365561 Reply

      woody
      Da Boss

      From Tom Warren on The Verge: Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this
      [See the full post at: Friday night news dump: Microsoft says a compromised support agent’s credentials were used to hack into Outlook.com accounts earlier this year]

      3 users thanked author for this post.
    • #368884 Reply

      b
      AskWoody Plus

      … but not “into” email content, login details or personal information.

      “…additional hardening of systems and processes to prevent such recurrence.”

      Hopefully two-factor authentication for support agents if their tasks are accessible externally?

      Passwords really are a pain for everyone, but there seems no agreement how to move beyond them (or even how to manage them for now, until something better comes along.)

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant Toxic drinker Saluted blockhead "Finger sharpener" (Group ASAP) WX1903

      3 users thanked author for this post.
      • #398562 Reply

        lurks about
        AskWoody Lounger

        Passwords and to a lesser extent tokens are a pain but they have one advantage over biometrics. They can be changed when needed, biometrics cannot. So we will be stuck with passwords and tokens into the future.

        Paraphrasing Churchill, Passwords are the worst security method but I cannot think of a better method.

    • #373226 Reply

      anonymous

      Has this not happened before with the dark net hack that has been for sale since Windows 10 was released? MS still has not fixed it. There is supposedly a vulnerability that lets anyone get into an outlook.com email account without a user password. Only requirement is that the user use outlook email as their account in Windows 10.

    • #381153 Reply

      anonymous

      Any idea if this just affects outlook.com addresses or the entire outlook.com platform, including hotmail users?

      • #427253 Reply

        anonymous

        Any idea if this just affects outlook.com addresses or the entire outlook.com platform, including hotmail users?

        It has impacted everyone to my knowledge. I have had over 200 clients call me up that had outlook and hotmail that they got an email from MS about being hacked and what they need to do. This is one of the reasons that I am recommending my clients to move away from MS.

        • #432484 Reply

          Ed
          AskWoody Lounger

          That’s simply not true! There’s three Hotmail users right here in this house that have old original Hotmail addresses and not one of us has heard from MS about being compromised.

    • #390643 Reply

      Pepsiboy
      AskWoody Lounger

      If Microsoft is unable to secure their own equipment, HOW can we expect them to keep OURS secure???

      For me, this is ANOTHER reason to steer away from their stuff.

      Many thanks to Woody and the crew for doing what you do to keep us safe ! ! ! !

      Dave

      • #402084 Reply

        SteveTree
        AskWoody Lounger

        You blame Microsoft without knowing how the hack occurred? It reads very much like an employee failure.

        Social engineering can do more than trick a home user into running a dud program. Hacks are not always done by pimply child geniuses cracking a password.

        https://www.youtube.com/watch?v=Ck_r2GYLdCI

         

        Group A (but Telemetry disabled Tasks and Registry)
        Win 7 64 Pro desktop
        Win 10 32 Home portable

        1 user thanked author for this post.
        Ed
    • #393740 Reply

      cyberSAR
      AskWoody Plus

      Just another example of why I never use IMAP. POP and remove messages from the server. They’ll have to hack my machine, not MS, Google, Yahoo or whatever.

      Once had a client who had her business email account hacked and the perp monitored their activity for 2 months. Had everything – signatures, contacts, writing style – all of it.  Client had a bank transfer of over $200,000 being made. Perp almost got it. Fortunately a girl at the bank had a gut feeling and called to double-check… which they had never done before.

      We were able to download the server logs and verify when he got in – due mainly to her weak password.

    • #398535 Reply

      Paul T
      AskWoody MVP

      Just another example of why I never use IMAP

      But you know the dangers of a weak password so it wouldn’t be an issue for you.

      Hacking is mainly phishing and poor passwords, with the occasional rubbish corporate remote access system (MS). All these are easy to fix, but education seems to be in short supply.

      cheers, Paul

    • #399933 Reply

      GoneToPlaid
      AskWoody Plus

      Just another example of why I never use IMAP. POP and remove messages from the server. They’ll have to hack my machine, not MS, Google, Yahoo or whatever.

      I too only use POP, and I delete messages from the server as soon as I have successfully downloaded my emails. My particular ISP doesn’t save emails. Once I delete emails, they are gone forever and my ISP can’t help to get any accidentally deleted emails back.

      • #410491 Reply

        mn–
        AskWoody Lounger

        Yeah, well.

        POP is fine as long as you don’t need such things as server-side folders or even sync to multiple devices… from *that* server. And as long as you take proper backups locally.

        Since people seem to want more features from their mail servers nowadays, it’s not very popular…

        Of course the *good* way to do multi-device mail is to have the other devices VPN into your own LAN where you have a server keep the mailboxes, just fetch from outside via POP. Then you can do whatever in there. Can also do spam filtering the *right* way without paying your ISP for that.

        Or, of course, have your own mail server infrastructure… trusted inside servers, locked down and hardened outside-facing servers, and filtering / intermediate processing in a DMZ.

        Heh, proper local processing… reminds me of the time I made a rule to generate a “541 5.7.1 Don’t do that” SMTP DSN reply, triggered by a specific spelling error, but still deliver the message… (well that and that particular spelling error was an unlikely one, only seen in the wild in someone’s out-of-office message that was triggered by each message to a busy list, and their mail server admin wouldn’t answer my calls.)

    • #422450 Reply

      b
      AskWoody Plus

      … but not “into” email content, login details or personal information.

      Over the weekend several sites reported that a smaller subset of affected users’ email content could in fact have been accessed:

      Hackers in Microsoft’s webmail breach could read some users’ messages
      Most weren’t affected, but it’s still a dire situation.

      Microsoft admits Outlook.com hackers were able to access emails
      The security breach was worse for some than others

      Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support
      Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant Toxic drinker Saluted blockhead "Finger sharpener" (Group ASAP) WX1903

      • #434657 Reply

        SteveTree
        AskWoody Lounger

        There’s a lot of click-bait value in this story. Putting it into the BS filter, I don’t like that Techcrunch have nothing to substantiate what they say. All they do is say ‘Microsoft’. Who at Microsoft?  We all know about officer rumors (or should).

         

        Group A (but Telemetry disabled Tasks and Registry)
        Win 7 64 Pro desktop
        Win 10 32 Home portable

    • #426014 Reply

      Alex5723
      AskWoody Plus

      The hack is much worse than Microsoft admitted. Contents of messages in Outlook.com, MSN, Hotmail had been accessed too.

      “Microsoft said the hackers couldn’t access email content or attachments, and then in another section, that the company’s “data indicates” email contents could not have been viewed.”

      “Motherboard’s source, however, said that the technique allowed full access to email content. On Sunday the source provided another screenshot of another page of the panel, with the label “Email Body” and the body of an email redacted by the source. They said the Microsoft support account used belonged to a high privileged user, meaning they likely have more access to material than other employees.”

      https://motherboard.vice.com/en_us/article/ywyz3x/hackers-could-read-your-hotmail-msn-outlook-microsoft-customer-support
