Microsoft has revealed that a group of unknown hackers has perpetrated a data breach in some of the company’s systems; according to cyber forensics course experts from the International Institute of Cyber Security (IICS), hackers would have compromised the log in credentials of some members of the company’s technical support team, thanks to this, they got access the email accounts of one of the Microsoft customers.
Early research indicates that hackers attacked the company’s network sometime between January and March, shortly after the intrusion, cybercriminals accessed Microsoft staff log in data.
According to cyber forensics course experts, the company notified the customer of the situation, stating that: “An unfair access could have allowed an unauthorized user to access information related to your email account, as folder names, email subjects, among other data”. The company also stated that the attackers do not have access to the contents of the folders, messages or attachments.
The exact number of emails that hackers have accessed is still unknown. In addition, Microsoft has also not disclosed information about attacked employees, so it is ignored if they work directly for the company, or if they are part of an outsourcing support company.
Shortly after the incident was detected, Microsoft disabled the compromised log in credentials, and had also maintained monitoring activities to avoid any unauthorized log in attempts.
According to cyber forensics course experts, the company launched a security alert for its customers, mentioning that this incident could generate future phishing campaigns or spam via email. Users are encouraged to remain alert to any unreliable email or request personal information, click on a link, or download attachments.
The Company has also recommended its Outlook customers to reset their passwords as an additional security measure despite the fact that no client of this service has been directly affected by this incident.