Microsoft Privacy Security

Microsoft Tells Yet More Customers Their Emails Have Been Stolen (theregister.com) 23

Microsoft revealed that the Russian hackers who breached its systems earlier this year stole more emails than initially reported. "We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson told Bloomberg (paywalled). "This is increased detail for customers who have already been notified and also includes new notifications." The Register reports: We've been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive U.S. government data. Reports last week revealed that the issue was even larger than initially believed and additional customers' data has been stolen. Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior U.S. government officials.

Both incidents have led experts to call Microsoft a threat to U.S. national security, and president Brad Smith to issue a less-than-reassuring mea culpa to Congress. All the while, the U.S. government has actually invested more in its Microsoft kit. Bloomberg reported that emails being sent to affected Microsoft customers include a link to a secure environment where customers can visit a site to review messages Microsoft identified as having been compromised. But even that might not have been the most security-conscious way to notify folks: Several thought they were being phished.

  • Remember? (Score:5, Informative)

    by Ol Olsoc ( 1175323 ) on Monday July 01, 2024 @06:54PM (#64593343)
    When Exchange on the cloud was so secure, and millions of people were forcibly placed into this secure system?

    Let's face it - if you are on Exchange, "All your base are belong to us" now.

    • Re:Remember? (Score:5, Insightful)

      by TheDarkener ( 198348 ) on Monday July 01, 2024 @07:03PM (#64593369) Homepage

      Seriously. Who in the name of the elders of the Internet ever thought that consolidation at this capacity and context was anywhere close to a good idea, security-and-privacy-wise?

      • Seriously. Who in the name of the elders of the Internet ever thought that consolidation at this capacity and context was anywhere close to a good idea, security-and-privacy-wise?

        After being forced into cloud Exchange, I forwarded it all to another address, but I assume that it is being read by people other than those in the address list.

        So nothing of importance is on any of those emails. Hopefully to bore Boris and Nushi to tears!

      • by mmell ( 832646 )
        PHB's.
      • The answer may be in your question. I'm not sure security and privacy were the primary considerations, sadly.

    • by mmell ( 832646 )
      That's how I became addicted to Outlook, even when I knew that MicroSoft was the enema of all that was good and wholesome and right. I used to bootleg it until they finally made it too much trouble to steal.

      Doesn't matter anymore. You want secure, stop sending emails built on the postcard model. Get Thunderbird with E2E public keyring encryption and start using envelopes to send your email. Once you do, you'll never go back!

      • Sure but it is very boring to send secure mail to myself only.
        • by mmell ( 832646 )
          And ever so shall be, eh? What, it's too newfangled an idea to ever catch on? I can show you how to get the letter out of the envelope, when you decide you want to send more than postcards. It's not that hard, I promise. After that, let this old boomer help you figure out your clicker.

          Or just spend a couple bucks and buy a letter opener. I hear Proton Mail's pretty good?

    • Yes! It's how I felt when everyone I knew got a Gmail address!
      • Yes! It's how I felt when everyone I knew got a Gmail address!

        Frying pan to the fire, amirite? Not much consolation either, that Gmail tells you they read your email.

        • Re: Remember? (Score:4, Interesting)

          by mmell ( 832646 ) on Tuesday July 02, 2024 @12:12PM (#64594941)
          As long as they let me do IMAP, that's enough. It doesn't matter what anybody says, everything in an unencrypted email is assumed to be open to all who encounter it as it winds its way across the intarweb to its destination, even in an old-style POP3 scheme. Google's just more honest about it, they actually spell it out in their TOS; but if I'm running a SMTP mail relay it's possible for me to read each and every unencrypted email that comes through my system. There are absolutely no technical measures in place to prevent it. The old solution was to tar/zip content with a password to encrypt it before emailing. Required negotiating a password separately. Unless it includes end-to-end encryption, no email provider is secure or can be.

          With that said, M$ got beat at their own game by bad guys. Y'know, if everyone was routinely using email encryption, nobody'd care that much if M$ got hacked.

  • by 93 Escort Wagon ( 326346 ) on Monday July 01, 2024 @07:02PM (#64593361)

    The tone on the kernel mailing lists is noticeably tense, with the unspoken question forefront in everyone's mind... what if China or Russia get hold of the Linux source code?

  • that their accounts have been stolen by Russian hackers posing as Microsoft engineers telling customers that their accounts have ...
    *grabs popcorn*

  • ... emails being sent ... include a link ...

    "... avoid clicking on links in email": Supposedly, the reply from Microsoft Support when asked to confirm this email.

  • by gweihir ( 88907 ) on Monday July 01, 2024 @07:32PM (#64593417)

    The cloud is secure and well-administrated, they said. But there were no penalties when they screwed up or did things cheaply.

    Remind me again why I was never a fan of the cloud?

    • by Slayer ( 6656 )

      I begin to wonder, what the connecting line between OWASSRF [crowdstrike.com], Monikerlink [checkpoint.com] and this latest thing could be ...

      This is not about the cloud. Look at the two other exploits I linked to: no cloud required for that.
