On Friday night, Microsoft sent notification emails to an unknown number of its email users – Outlook, MSN, and Hotmail – warning of a data breach. From January 1 to March 28 of this year, hackers used a set of stolen credentials for a Microsoft customer service platform to gain access to account data, such as email mailbox notifications, message threads, and folder names. On Sunday, the company admitted that the problem was really worse.
After the technology news site Motherboard showed Microsoft evidence from a source that the scope of the incident was wider, the company revised its initial statement, saying that for about 6 percent of those who had received the notice, the hackers could also reach the text of their messages and attachments. Microsoft had previously denied to TechCrunch that full email messages were affected.
In the security community, customer and internal support mechanisms are increasingly seen as a potential source of exposure. On the one hand, support agents need enough access to accounts or devices to really help people. However, as the Microsoft incident shows, excessive access in the wrong hands can lead to a dangerous situation.
"With this scheme, which affected a limited subset of consumer accounts, we have turned off the compromised credentials and blocked access by the criminals," a Microsoft spokesman said. The company says that, as a precautionary measure, it has increased its monitoring of threats related to irregularities. Microsoft has not told WIRED the extent of the attack or the total number of affected accounts.
Beyond what Microsoft has said, it is difficult to describe the purpose of the attack. Email accounts can be very valuable to criminals; people often use them to set up other accounts, which means that attackers can use email. Motherboard reported that the attackers actually used the access to iCloud accounts to disable iPhone activation locks. However, almost three months after they gained access, it is still unclear whether the attackers were focused on small, targeted hacking or fraud.
"We have detected that a Microsoft support agent's credentials have been compromised, allowing access from outside Microsoft to information in a mail account," Microsoft said in a statement, indicating that the attack was not the result of an internal threat. But this raises more questions.
"Sometimes the problem is difficult to diagnose just by explaining it over the phone, so you want a high-level user to be able to switch into an account," says Jeremiah Grossman, who worked as an information security officer for Yahoo for two years in the 2000s and is the CEO of the enterprise inventory security company Bit Discovery. "However, this system for customer service representatives should not be remotely accessible via the Internet; it should only be an internal system. So how exactly did the adversary log in to [the Microsoft portal], not to mention getting the login?"
Grossman also notes that Microsoft should require customer service accounts with wide access to use two-factor or multifactor authentication, which can help prevent this problem. Unfortunately, Microsoft seems to be no exception.
"We do a lot of consulting jobs where we get onto any company machine, call the helpdesk, and when they log in, we can grab the support engineer's privileges on the machine and use them to access other servers, such as the CEO's," said Dave Aitel, Chief Security Officer at the secure infrastructure company Cyxtera. "In general, 'support' is a big hole in security waiting to happen."
Grossman says that the key to securing a customer support system is to control how many people have privileged account access and to keep a close record, for auditing, of every case in which a user account is accessed. Engineering teams already use such systems for situations where credentials need to be carefully protected, such as when compiling or fulfilling law enforcement data requests.
If you have received a Microsoft notification email, you should change your email password and turn on two-factor authentication if it is not already enabled. However, it is difficult for consumers to protect themselves when they are at the mercy of customer support systems that they cannot control. At the least, Microsoft could give a clear picture of what happened, and why.