This is fairly limited information which would be difficult to act on, says Andrew Martin, CEO and founder of cybersecurity company DynaRisk. This would have shown a hacker who the person was communicating with, the subject of the email and the birth date of the individual. The first comment from Microsoft said only high-level information was affected. Anyone who has received a breach notification from Microsoft will be impacted. It looks like some users might have been affected by the first reported compromise and a smaller amount by the second. The firm told TechCrunch: “You should be careful when receiving any emails from any misleading domain name, any email that requests personal information or payment, or any unsolicited request from an untrusted source.”
Microsoft has increased detection and monitoring for the affected accounts and recommended that users change their passwords.
“A small group (~6% of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support,” according to the Microsoft spokesperson. The tech giant says its notification to the majority of those impacted noted that bad actors would not have had unauthorized access to the content of emails or attachments. “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson told me.
Microsoft wasn’t particularly clear at first, but it did reveal some information to me in a statement over email.
The source also demonstrated that adversaries were able to see a user’s calendar and birth date. The source told the site that hackers were able to access any email account apart from corporate level accounts. Motherboard attributes this information to a source who had witnessed the attack in action.
0 kommentar(er)
