Hackers gained access to Hotmail, MSN, Outlook

According to media, the breach allowed them to read the emails of all non-corporate accounts

On Saturday, Microsoft confirmed to TechCrunch that some users of the company’s email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.

But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access to the content of some customers’ emails.

In March, before Microsoft publicly confirmed the hack, the source told Motherboard that this abuse of a customer support portal allowed the hackers to gain access to any email account as long as it wasn’t a corporate level account. This means that while paid, enterprise accounts that businesses pay for weren’t affected, normal consumer accounts were. The source described the attack, including how it relied on abuse of Microsoft’s customer support tool. On Sunday, the source reiterated those details, and provided further information and screenshots of what kind of access the hackers had to Motherboard.

“We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account,” an email from Microsoft to a victim, and posted to Reddit on Saturday, reads.

The email adds that the hackers could have accessed email folder names, the subject lines of emails, and the names of other email addresses the user communicated with. Some of the screenshots provided to Motherboard related to the attack show a panel with a list of account information that the hacker could access, including the customer’s calendar and birth date. The top of the panel has different sections such as “Profile,” “Mailbox Folder Stats,” “Admin Center,” and “Logon History.”

In its notification email, Microsoft said the hackers couldn’t access email content or attachments, and then in another section, that the company’s “data indicates” email contents could not have been viewed.

Motherboard’s source, however, said that the technique allowed full access to email content. On Sunday the source provided another screenshot of another page of the panel, with the label “Email Body” and the body of an email redacted by the source. They said the Microsoft support account used belonged to a high privileged user, meaning they likely have more access to material than other employees.

When presented with this screenshot, Microsoft confirmed it had also sent breach notification emails to some users that did say the customer’s email content had been impacted. Microsoft said that applied to around 6 percent of a small number of impacted customers, although the company didn’t specify how many in total.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson told Motherboard in a statement.

Similar articles