spot_img

Ponovno hakovani Microsoft-ovi web e-mail servisi


Microsoft je priznao da je nedavno imao hakerski upad koji je hakerima omogućio pristup određenim email informacijama.

U emailu koji je poslao korisnicima koji su uključeni u napad Microsoft objašnjava da je maliciozni softver kompromitovao pristupne podatke Microsoft-ovog agenta za podršku, što je napadačima omogućilo pristup informacijama skladištenim u Microsoft-ove email naloge (@outlook.com, @hotmail.com i @msn.com).

Informacije izložene hakerima uključuju email adrese, imena datoteka, predmete emailova (subjects) i nazive drugih email adresa sa kojima su korisnici komunicirali. Microsoft tvrdi da hakerima nisu bili izloženi sadržaji mailova, kao ni dodatci (attachements).

Neautorizovani pristupi su bili zabeleženi između 1. januara i 28. marta ove godine, ali Microsoft ne odaje detalje o tome kako su hakeri uspeli da komprimituju „credentialse“ agenta podrške, ali kaže da je trenutno isključio kompromitovani nalog čim je detektovao upad.

Microsoft kaže da lozinke nisu pokradene, ali preporučuje svima da ih promene i ukazuje na mogućnost povećanja phishing emailova koje bi korisnici mogli dobijati nakon ovog slučaja.

Čitav mail koji je Microsoft slao korisnicima možete pročitati ovde:

Dear Customer

Microsoft is committed to providing our customers with transparency. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.

We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.

Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source (you can read more about phishing attacks at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing).

It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.

If you require further assistance, or have any additional questions or concerns, please feel free to reach out to our Incident Response Team at ipg-ir@microsoft.com. If you are a citizen of European Union, you may also contact Microsoft’s Data Protection Officer at:

EU Data Protection Officer
Microsoft Ireland Operations Ltd
One Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland
dpoffice@microsoft.com

Izvor: itvesti.info

Mihailo Todorović
Mihailo Todorović
Student Elektrotehničkog fakulteta. Voli druženje, filmove i sport.