The company says that a hacker or a group of hackers accessed a Microsoft customer support account to obtain users’ private information.

Users of Microsoft’s e-mail service, Outlook, are claiming that the security of their accounts has been compromised. Multiple victims assert that the attackers accessed keys, passwords and confidential cryptographic information, which allowed them to steal the victims’ cryptocurrency funds.

Outlook Accounts Hacked

Microsoft confirmed that some user accounts of the company’s e-mail service have been compromised. The company explained that a hacker or a group of hackers accessed a Microsoft customer support account, from which they managed to access information related to users’ e-mail accounts.

Microsoft said that the attackers could only access metadata such as the subject lines of e-mails and the names of the people with whom the users of the affected accounts communicated.

But the problem was much worse, since Microsoft confirmed that the hackers have also been able to access e-mail content from a large number of Outlook, MSN and Hotmail e-mail accounts.

Recently, numerous victims have pointed to what they believe may be one of the motives for the breach: stealing users’ cryptocurrency accounts. Jevon Ritmeester, a user who warned of the data breach, said in an e-mail message, referring to the popular Kraken cryptocurrency exchange:

“The hackers also had access to my inbox, which allowed them to reset the password of my account and withdraw my bitcoins.”

Modus Operandi

Ritmeester believes that the hackers configured an e-mail forwarding system: each time an e-mail mentioned the term “Kraken”, his account automatically forwarded it to a Gmail address supposedly controlled by the attackers.

This system would include e-mails that deal with the resetting of passwords and Bitcoin withdrawal requests sent by the exchange platforms. In fact, that is how Ritmeester noticed the theft and the modus operandi of the attackers.
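A defender-side check for the forwarding behaviour described above, as an added example that is not part of the original article: it audits an exported list of mailbox rules and flags any that forward mail to an outside domain, rating those keyed on account or exchange terms as high. The JSON field names, the watchlist and the sample rules are constructed assumptions, not any mail provider's real schema.

```python
import json

# Constructed sample export of mailbox rules (hypothetical field names).
RULES_JSON = """
[
  {"name": "Newsletters", "keywords": ["unsubscribe"],
   "action": "move", "target": "Newsletters"},
  {"name": "Kraken fwd", "keywords": ["Kraken"],
   "action": "forward", "target": "collector@mail.example"},
  {"name": "Work copy", "keywords": [],
   "action": "forward", "target": "me@corp.example"}
]
"""

# Assumed watchlist: terms seen in password-reset and withdrawal mail.
SENSITIVE_TERMS = {"kraken", "password", "reset", "withdrawal", "bitcoin"}
FORWARDING_ACTIONS = {"forward", "redirect"}


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rules(rules, trusted_domains):
    """Flag rules that send mail to an address outside trusted_domains."""
    findings = []
    for rule in rules:
        if rule.get("action", "").lower() not in FORWARDING_ACTIONS:
            continue  # moves, flags, categories: not mail leaving the box
        target = rule.get("target", "")
        if "@" not in target or domain_of(target) in trusted_domains:
            continue
        hits = [k for k in rule.get("keywords", [])
                if any(term in k.lower() for term in SENSITIVE_TERMS)]
        findings.append({"rule": rule.get("name", ""), "target": target,
                         "severity": "high" if hits else "medium",
                         "matched_terms": hits})
    return findings


def audit_sample():
    """Run the audit over the constructed sample above."""
    return audit_rules(json.loads(RULES_JSON), {"corp.example"})


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

A rule that forwards externally with no keyword condition is still reported, at medium severity, since blanket forwarding exposes the same reset and withdrawal messages.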

Ritmeester explained that when he was checking the trash bin in his account, he found e-mails requesting the reset of the password and the transfer of Bitcoin from his Kraken account. He asserted that the attackers withdrew 1 Bitcoin from his account (around US $5,300 at the current exchange rate).

“Unfortunately, I did not have 2FA (two-factor authentication) on because I assumed that all my accounts were well protected with long and unique passwords. I think this is still the case, but this leakage from Microsoft came from within.”

If Ritmeester had had two-factor authentication activated on Kraken, he could have been saved from the attack. In that case, the hackers would have had to compromise his cell phone to access the code that would allow them to obtain the bitcoins.

Victims’ Complaints

Ritmeester does not seem to be the only person whose cryptocurrencies have been stolen by hackers because of Microsoft’s security breach.

“My account was hacked as a direct result of this,” wrote Reddit user shinratechlabs. This user added that he lost “25,000 in cryptography”, although it is not clear which currency this refers to, or whether it is the equivalent amount in fiat currency.

“Exactly the same happened to me, only much fewer funds were stolen. All this is disgusting,” said another Reddit user, Mickey_ficke.

A Microsoft spokesman commented on the matter and told the media outlet Motherboard on Monday:

“Customers who believe that they have been impacted beyond what is indicated in the company’s notification should contact the Microsoft support team for assistance.”

In response to the actions of the company, Ritmeester said:

“I feel that Microsoft is trying to conceal that crime and is not serious about it.”

Holding Microsoft Responsible

Originally, various media reported a data breach in Outlook, to which Microsoft said that it only affected e-mail metadata and customer information. However, after Microsoft received evidence that the content of e-mails had also been affected, the company was forced to revise its statement.

Microsoft was already fully aware that the content was exposed. In addition, the company had already sent breach notification e-mails to victims in which it said the same. Subsequently, the company announced that the compromised customer support e-mail account had been closed.

At that time, Microsoft also said that this access was used as part of the so-called “iCloud unlocks”. These unlocks seek to compromise the iCloud account of a target to remove the factory lock of the iPhone, which is an Apple security feature that prevents thieves from restoring stolen devices to factory settings and selling them.

Ritmeester spoke with the media outlet Motherboard about the attack on his account and stressed that he plans to file a police report to hold the company responsible for the damage:

“I think Microsoft speaks […] lightly about this leak. And I think there are many users who have suffered damages in one way or another, since there is a lot of sensitive information in an inbox […] I am planning at least to file a police report and thinking about holding Microsoft responsible for the financial damage and for the fact that a lot of my personal information may leak in the near future.”

By Willmen Blanco

