top of page
Admin

Microsoft’s Shares Info From Stolen Emails With Its Customers

Published: July 29, 2024 on our newsletter Security Fraud News & Alerts Newsletter.



In an unusual move, cyberattack victim Microsoft offers to share emails stolen from their corporate clients in a data breach. Microsoft says hijacked emails will be released to an organization’s administrators only after vigorous verification. The mega tech titan believes the Russian state-sponsored APT (advanced persistent threat group) known as Midnight Blizzard, aka Nobelium and many other names, is responsible for the attack and that the customers have a right to know what they got.


Six months after the breach, Microsoft (MS) says the attack isn’t due to a vulnerability on their part but instead the abuse of an employee’s credentials. The company’s decision to reveal their clients’ stolen emails is a commitment to “sharing information with our customers as our investigation continues.” In the wake of a cyberattack, many victims stay silent about breach details, much less share stolen information with others caught up in the breach.


Moving Forward


In a dedicated customer portal, and after a rigorous approach confirming a client is whom they say they are, MS sent emails welcoming administrators view their stolen emails. From a security perspective, knowing what sensitive information was compromised allows an organization to react with further protections. It’s a strategic opportunity most second-hand victims don’t have after a cyberattack, and administrators should take advantage of the opportunity.


With a breach on a tech giant like MS, organizations doing business with them should expect email phishing attacks. Armed with stolen email addresses and employee names, the likelihood of email phishing is a flashing red light. For those looking forward, a company with cyber-educated employees have a staff that can stop an attack before it starts. And since 91% of cyberattacks start with email phishing, an educated staffer can be an organization’s best defense. After all, if it can happen to MS, it can happen to anyone.


Phishing Phlags:


  • Generic greetings

  • Misspelled names and words

  • Typos

  • Poor quality graphics and images

  • Attachments of any type and unexpected links

  • A sense of urgency tries to provoke quick responses

  • An unknown or odd return email address


Want to schedule a conversation? Please email us at advisor@nadicent.com

Recent Posts

See All

Comments


bottom of page