Cybercriminals Compromised Some Accounts

Microsoft this week admitted that “cybercriminals” have compromised a small number of accounts. But the firm says it has no idea how the accounts were compromised.

“Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals,” a Microsoft statement provided to TechCrunch reads. “We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.”

Here’s what we do know.

The accounts were compromised during January, February, and March 2019.

To access the customer accounts, the cybercriminals first compromised Microsoft support representative accounts. Microsoft doesn’t know how this happened, but it has since disabled those accounts.

“You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source,” a Microsoft email to the compromised customers reads. The problem being, of course, that Microsoft support representatives should generally be trusted.

The compromises only include consumer accounts, not commercial (business) accounts of any kind.

Though email login credentials were not directly impacted by this incident, Microsoft is recommending that all impacted customers reset their email passwords as a precaution.

Conversation 11 comments

  • BeckoningEagle

    Premium Member
    13 April, 2019 - 11:52 am

    If they gained access without impacting credentials, that is worrisome. Wouldn't this mean that there is an exploited vulnerability in their system and that it was not a "phishing" or "malware" thing?

    • JCerna

      Premium Member
      13 April, 2019 - 2:02 pm

      In reply to BeckoningEagle:

      Well, I don't know much about this issue, but it sounds like they somehow got hold of support accounts, probably using phishing or malware. I am assuming they then used those support accounts to gain access to the personal accounts they were targeting. For example, they could have contacted the users from a valid Microsoft server and asked for their security key etc.

      I'm just not worried, at least not yet.

    • simont

      Premium Member
      13 April, 2019 - 2:14 pm

      In reply to BeckoningEagle:

      They got a support agent's password. How they got the password is the interesting question.

  • dontbe evil

    13 April, 2019 - 3:04 pm

    gladly many people use google … oh wait…

    • Winner

      13 April, 2019 - 7:49 pm

      In reply to dontbe_evil:

      Yes, I trust Google to protect my account more than Microsoft.

      • Tony Barrett

        14 April, 2019 - 6:53 am

        In reply to Winner:

        I actually do too. It's in Google's interests to do this – it's part of their business model, and they seem to do a better job at it than Microsoft. Windows is in such a mess right now, and the MS backend systems don't seem much better. We're meant to TRUST these people with our data, and as far as I'm concerned, MS are doing a p*ss poor job.

      • dontbe evil

        14 April, 2019 - 7:26 am

        In reply to Winner:

        search for google data breach, enjoy

  • Bats

    13 April, 2019 - 4:42 pm

    Wait a second…..didn't Saint Satya say this a few years ago (lol), "Security Is The 'Most Pressing Issue Of Our Time'"

    To execute on this, Nadella said, Microsoft will be building out a comprehensive platform that will extend from protection to detection to response, tying in threat intelligence to allow for a more proactive approach, and forming partnerships with other vendors in the IT industry.

    That was about 4 years ago!

    I swear…Microsoft is such a "hot mess" and they are trying to sell their products and services to the public? (LOL)

    • sandy

      Premium Member
      13 April, 2019 - 9:36 pm

      In reply to Bats:

      Oh please, as if any company can absolutely prevent any security breach; it's your sort of attitude that encourages company executives to keep quiet about breaches, but fortunately the EU's GDPR puts a huge financial penalty on any company hiding breaches.

      This incident appears to be just some support clown(s) in India or China who had bad/sloppy password security, perhaps using the same password for their MS work account & other accounts.

  • coeus89

    Premium Member
    14 April, 2019 - 1:37 pm

    I am just glad that (it seems like) they are using proper data segregation in their back end service. Having a rep compromised without credentials being compromised is quite the feat. This gives me more confidence in them, not less. Always have to assume a breach when designing systems.

  • techguy33

    15 April, 2019 - 8:27 pm

    A lot of those bogus "Apple Store" mails with doc or pdf attachments still get through Outlook's spam filters. You would think these are low-hanging fruit for detection.


Thurrott © 2023 BWW Media Group