Cybercriminals Compromised Some Accounts

Posted on April 13, 2019 by Paul Thurrott with 11 Comments


Microsoft this week admitted that “cybercriminals” have compromised a small number of accounts. But the firm says it has no idea how the accounts were compromised.

“Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals,” a Microsoft statement provided to Techcrunch reads. “We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.”

Here’s what we do know.

The accounts were compromised during January, February, and March 2019.

To access the customer accounts, the cybercriminals first compromised Microsoft support representative accounts. Microsoft doesn’t know how this happened, but it has since disabled those accounts.

“You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source,” a Microsoft email to the compromised customers reads. The problem, of course, is that Microsoft support representatives should generally be trusted.

The compromises only include consumer accounts, not commercial (business) accounts of any kind.

Though email login credentials were not directly impacted by this incident, Microsoft is recommending that all impacted customers reset their email passwords as a precaution.
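As an added example, not from the article or from Microsoft, here is the shape that “increased detection and monitoring” of support-representative access could take: a small Python script that parses a constructed support-portal audit log (a hypothetical line format) and flags agents who read an unusual number of customers’ mailboxes or read mailboxes with no support ticket attached.

```python
import re
from collections import defaultdict

# Constructed sample audit log in a hypothetical format (not Microsoft's):
# <timestamp> agent=<support account> action=<what> mailbox=<customer> ticket=<id|none>
SAMPLE_LOG = """\
2019-02-03T09:12:01Z agent=sup-017 action=view_mailbox mailbox=alice@example.com ticket=T-4411
2019-02-03T09:15:44Z agent=sup-017 action=reset_password mailbox=alice@example.com ticket=T-4411
2019-02-03T23:02:10Z agent=sup-042 action=view_mailbox mailbox=bob@example.com ticket=none
2019-02-03T23:02:31Z agent=sup-042 action=view_mailbox mailbox=carol@example.com ticket=none
2019-02-03T23:03:02Z agent=sup-042 action=view_mailbox mailbox=dave@example.com ticket=none
2019-02-03T23:03:40Z agent=sup-042 action=view_mailbox mailbox=erin@example.com ticket=none
2019-02-04T10:00:00Z agent=sup-099 action=view_mailbox mailbox=frank@example.com ticket=T-4420
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) agent=(?P<agent>\S+) action=(?P<action>\S+) "
    r"mailbox=(?P<mailbox>\S+) ticket=(?P<ticket>\S+)$"
)


def parse_log(text):
    """Parse audit lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def suspicious_agents(events, max_mailboxes=3):
    """Flag support accounts whose mailbox access does not look like ticket work:
    more distinct customer mailboxes than a single agent should need, or
    mailbox views with no ticket attached. Returns {agent: [reasons]}."""
    mailboxes = defaultdict(set)   # agent -> distinct mailboxes viewed
    no_ticket = defaultdict(int)   # agent -> views without a ticket
    for e in events:
        if e["action"] != "view_mailbox":
            continue
        mailboxes[e["agent"]].add(e["mailbox"])
        if e["ticket"] == "none":
            no_ticket[e["agent"]] += 1
    flagged = {}
    for agent, boxes in mailboxes.items():
        reasons = []
        if len(boxes) > max_mailboxes:
            reasons.append(f"{len(boxes)} distinct mailboxes")
        if no_ticket[agent]:
            reasons.append(f"{no_ticket[agent]} mailbox views without a ticket")
        if reasons:
            flagged[agent] = reasons
    return flagged
```

Running `suspicious_agents(parse_log(SAMPLE_LOG))` flags only `sup-042`; the threshold and the ticket rule are the tunable parts a real support tool would set from its own baseline.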


Comments (11)


  1. BeckoningEagle

    If they gained access without impacting credentials, that is worrisome. Wouldn't this mean that there is an exploited vulnerability in their system and that it was not a "phishing" or "malware" thing?

    • JCerna

      In reply to BeckoningEagle:

      Well, I don't know much about this issue, but it sounds like they somehow got hold of support accounts, probably using phishing or malware. I am assuming they then used those support accounts to gain access to the personal accounts they were targeting. For example, they could have contacted the users from a valid Microsoft server and asked for their security key, etc.

      I'm just not worried, at least not yet.

    • simont

      In reply to BeckoningEagle:

      They got a support agent's password. How they got the password is the interesting question.

  2. dontbe evil

    gladly many people use google ... oh wait...

  3. Bats

    Wait a second.....didn't Saint Satya say this a few years ago (lol)? "Security Is The 'Most Pressing Issue Of Our Time'"

    To execute on this, Nadella said, Microsoft will be building out a comprehensive platform that will extend from protection to detection to response, tying in threat intelligence to allow for a more proactive approach, and forming partnerships with other vendors in the IT industry.

    That was about 4 years ago!

    I swear...Microsoft is such a "hot mess" and they are trying to sell their products and services to the public? (LOL)

    • sandy

      In reply to Bats:

      Oh please, as if any company can absolutely prevent any security breach; it's your sort of attitude that encourages company executives to keep quiet about breaches, but fortunately the EU's GDPR puts a huge financial penalty on any company hiding breaches.

      This incident appears to be just some support clown(s) in India or China who had bad/sloppy password security, perhaps using the same password for their MS work account & other accounts.

  4. coeus89

    I am just glad that (it seems like) they are using proper data segregation in their back end service. Having a rep compromised without credentials being compromised is quite the feat. This gives me more confidence in them, not less. Always have to assume a breach when designing systems.

  5. techguy33

    A lot of those bogus "Apple Store" mails with doc or pdf attachments still get through Outlook's spam filters. You would think these are low-hanging fruit for detection.