Microsoft Tells Yet More Customers Their Emails Have Been Stolen (theregister.com)
Microsoft revealed that the Russian hackers who breached its systems earlier this year stole more emails than initially reported. "We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson told Bloomberg (paywalled). "This is increased detail for customers who have already been notified and also includes new notifications." The Register reports: We've been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive U.S. government data. Reports last week revealed that the issue was even larger than initially believed and additional customers' data has been stolen. Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior U.S. government officials.
Both incidents have led experts to call Microsoft a threat to U.S. national security, and president Brad Smith to issue a less-than-reassuring mea culpa to Congress. All the while, the U.S. government has actually invested more in its Microsoft kit. Bloomberg reported that emails being sent to affected Microsoft customers include a link to a secure environment where customers can visit a site to review messages Microsoft identified as having been compromised. But even that might not have been the most security-conscious way to notify folks: Several thought they were being phished.
Remember? (Score:5, Informative)
Let's face it - if you are on Exchange, "All your base are belong to us" now.
Re:Remember? (Score:5, Insightful)
Seriously. Who in the name of the elders of the Internet ever thought that consolidation at this capacity and context was anywhere close to a good idea, security-and-privacy-wise?
Re: (Score:2)
Seriously. Who in the name of the elders of the Internet ever thought that consolidation at this capacity and context was anywhere close to a good idea, security-and-privacy-wise?
After being forced into cloud Exchange, I forwarded it all to another address, but I assume that it is being read by people other than those in the address list.
So nothing of importance is on any of those emails. Hopefully to bore Boris and Nushi to tears!
Re: Remember? (Score:2)
The answer may be in your question. I'm not sure security and privacy were the primary considerations, sadly.
Re: (Score:2)
Yes! It's how I felt when everyone I knew got a Gmail address!
Frying pan to the fire, amirite? Not much consolation either, that Gmail tells you they read your email.
Meanwhile, on the Linux side of things (Score:5, Funny)
The tone on the kernel mailing lists is noticeably tense, with the unspoken question forefront in everyone's mind... what if China or Russia get hold of the Linux source code?
Re: (Score:2)
... what if China or Russia get hold of the Linux source code?
Then I guess they'll exploit whatever bugs they've found, without disclosing them. Only they don't have to hack any servers to get the code in the first place.
Re: (Score:3)
>> what if China or Russia get hold of the Linux source code? :)
They'll contribute to it
Russian hackers posing as MS telling customers (Score:3)
that their accounts have been stolen by Russian hackers posing as Microsoft engineers telling customers that their accounts have ...
*grabs popcorn*
Corporations still ignoring best practices (Score:2)
"... avoid clicking on links in email": Supposedly, the reply from Microsoft Support when asked to confirm this email.
Use the cloud they said... (Score:5, Insightful)
The cloud is secure and well-administrated, they said. But there were no penalties when they screwed up or did things cheaply.
Remind me again why I was never a fan of the cloud?
Re: (Score:2)
I begin to wonder, what the connecting line between OWASSRF [crowdstrike.com], Monikerlink [checkpoint.com] and this latest thing could be ...
This is not about the cloud. Look at the two other exploits I linked to: no cloud required for that.