On Friday night Microsoft sent notification emails to an unknown number of its individual email users (via Outlook, MSN, and Hotmail), warning them of a data breach. Between January 1 and March 28 of this year, hackers used a set of stolen credentials for a Microsoft customer support platform to access account information such as email addresses in messages, subject lines, and folder names in accounts. On Sunday, the company admitted that the problem was actually much worse.
After tech news site Motherboard presented Microsoft with evidence from one source that the scope of the incident was more extensive, the company revised its original statement and instead said that for about 6 percent of users who received a notification, hackers could also access the text of their messages and attachments. Microsoft had previously denied to TechCrunch that full email messages were affected.
"'Support' is generally a big security hole just waiting to happen."
Dave Aitel, Cyxtera
It may seem strange that a single set of customer support credentials could be the key to such a kingdom, but the security community increasingly sees customer and internal support mechanisms as a potential source of threat. On the one hand, support agents need enough account or device access to actually help people. But as the Microsoft incident demonstrates, too much access in the wrong hands can create a dangerous situation.
"We have addressed this scheme, which affected a limited number of consumer accounts, by disabling vulnerable credentials and blocking perpetrators' access," a Microsoft spokesperson told WIRED. The company says it has increased monitoring of threats to the accounts affected by the breach "out of an abundance of caution." Microsoft would not comment to WIRED on the extent of the attack or state the total number of accounts involved.
Without further information from Microsoft, it is difficult to determine the purpose of the attack. Email accounts can be extremely valuable to criminals. Users often use them to set up other accounts, which means that attackers can use the email account itself to reset passwords and compromise multiple services. Motherboard reported that the attackers actually used their access to break into iCloud accounts and disable iPhone activation locks. With almost three months of access, however, it is still unclear whether the attackers were focused on small, targeted intrusions or serious fraud.
"We've found that the credentials of a Microsoft support agent were compromised and individuals outside Microsoft were able to access information in your Microsoft email account," Microsoft said in a statement, indicating that the attack was not due to an insider threat. But that raises even more questions.
"Sometimes it's difficult to diagnose a problem over the phone when it's only explained, so you want a high-privilege user to jump into the account," says Jeremiah Grossman, who worked as information security officer at Yahoo for two years in the early 2000s and is now CEO of the corporate inventory firm Bit Discovery. "But this service system should not be remotely accessible over the Internet, it should be an internal system. How exactly has the opponent even connected with [the Microsoft portal], let alone logged in?"
Additionally, Grossman says, Microsoft should require customer support accounts with wide access to use two-factor or multi-factor authentication, which could have helped prevent this issue altogether. Unfortunately, Microsoft does not seem to be the exception.
"We do a lot of consulting, where we go to every machine in a company, call the support desk and then get the credentials of the support engineers when they connect to the machine and use them to connect to the server of the CEO," said Dave Aitel, chief security technology officer of Cyxtera, a secure infrastructure company. "In general, 'support' is a big security hole that's still to be expected."
The key to maintaining a customer support system, Grossman says, is to control how many people have privileged access to accounts and to carefully record all cases where a user account is being monitored. Systems that use credentials like these, such as those for debugging or meeting law enforcement data requirements, need to be closely monitored.
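The controls Grossman describes (an internal-only support system, multi-factor authentication, and a record of every account a privileged agent opens) can be checked against a support portal's audit trail. The following Python example is added here and is not code from WIRED or Microsoft; the event layout, the internal network range and the per-agent threshold are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events: (agent, source IP, MFA used, ticket id, account opened).
# The record layout is an assumption, not any real support platform's log format.
EVENTS = [
    ("agent01", "10.20.4.17", True, "T-1001", "user-a"),
    ("agent02", "203.0.113.45", False, "", "user-b"),
    ("agent02", "203.0.113.45", False, "", "user-c"),
    ("agent02", "203.0.113.45", False, "", "user-d"),
    ("agent02", "203.0.113.45", False, "", "user-e"),
    ("agent03", "10.20.9.3", True, "", "user-f"),
]

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed corporate range
MAX_ACCOUNTS_PER_AGENT = 3  # assumed per-window review threshold


def is_internal(ip):
    """True when the source address falls inside an approved internal network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def review(events):
    """Return (per-event findings, agents that opened too many distinct accounts)."""
    findings = []
    accounts_by_agent = defaultdict(set)
    for index, (agent, src_ip, mfa, ticket, account) in enumerate(events):
        accounts_by_agent[agent].add(account)
        reasons = []
        if not is_internal(src_ip):
            reasons.append("external-origin")  # portal reached from outside
        if not mfa:
            reasons.append("no-mfa")  # password-only support login
        if not ticket:
            reasons.append("no-ticket")  # account opened with no recorded case
        if reasons:
            findings.append((index, agent, reasons))
    heavy = sorted(a for a, accts in accounts_by_agent.items()
                   if len(accts) > MAX_ACCOUNTS_PER_AGENT)
    return findings, heavy


if __name__ == "__main__":
    findings, heavy = review(EVENTS)
    for index, agent, reasons in findings:
        print(f"event {index}: {agent}: {', '.join(reasons)}")
    print("agents over account threshold:", heavy)
```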
If you received a notification email from Microsoft, you should change the password of your email account and enable two-factor authentication if it is not already turned on. However, it is difficult for users to protect themselves when they are exposed to the security of customer support they cannot control. The least of what Microsoft could do is get a clear picture of what happened