/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/post_banners/wp-content/uploads/2017/05/hackers7687.jpg)
April 2019 brought dangerous news for Microsoft's non-corporate users that their emails - Hotmail, Outlook, and MSN - were hacked in a data breach that the company suffered between January and March of 2019. Microsoft has acknowledged the data breach and informs that its customer support platform was compromised resulting in 6% of the non-corporate email users getting affected.
Initially Microsoft had admitted that hackers could access account data including email addresses, subject lines, and folders nested within the email account. Later, the company added that hackers had been successful in accessing the text of the email messages as well as the attachments.
Damage Control
On its part Microsoft has informed the affected users and taken up firefighting measures by ramping up security of the compromised accounts. The company has disabled compromised credentials and enhanced monitoring of the affected accounts. However, it is easy to understand that hackers could have hit a treasure trove of information as users store and share a lot of information - including passwords, identification proofs, bank statements, and so forth - through email.
The Prime Motive
According to Motherboard, it possesses screenshots that reveal hackers accessed customer support panel that had customer’s calendar, birth date, profile, mailbox folder stats, admin center, and logon history. It is being speculated that the hack was part of iCloud unlocks in order to remove the activation lock (an Apple security feature) from the stolen iPhones.
The Weak Links
This incident highlights the increasing vulnerability of customer support desks as a weak link that can unwittingly facilitate unauthorized access to critical business and customer data. Customer support desks often have the most information handy about the customer on the other side of the phone (or chat box) in order to help address customer grievances effectively. But the same information can be a potential minefield, as has now been proved with this incident.
Can privileged account access be the answer? We will discuss in the next post.