Admin

Microsoft Shares Info From Stolen Emails With Its Customers

Published July 29, 2024, in our Security Fraud News & Alerts Newsletter.



In an unusual move, cyberattack victim Microsoft is offering to share with its corporate clients the emails stolen from them in a data breach. Microsoft says hijacked emails will be released to an organization’s administrators only after rigorous verification. The mega tech titan believes the Russian state-sponsored APT (advanced persistent threat) group known as Midnight Blizzard, aka Nobelium and many other names, is responsible for the attack and that customers have a right to know what the attackers got.


Six months after the breach, Microsoft (MS) says the attack wasn’t due to a vulnerability on their part but instead to the abuse of an employee’s credentials. The company’s decision to reveal their clients’ stolen emails is a commitment to “sharing information with our customers as our investigation continues.” In the wake of a cyberattack, many victims stay silent about breach details, let alone share stolen information with others caught up in the breach.


Moving Forward


After a rigorous process confirming that a client is who they say they are, MS sent emails welcoming administrators to view their stolen emails in a dedicated customer portal. From a security perspective, knowing what sensitive information was compromised allows an organization to react with further protections. It’s a strategic opportunity most second-hand victims don’t have after a cyberattack, and administrators should take advantage of it.


With a breach at a tech giant like MS, organizations doing business with them should expect email phishing attacks. With attackers armed with stolen email addresses and employee names, the likelihood of email phishing is a flashing red light. For those looking forward, a company with cyber-educated employees has a staff that can stop an attack before it starts. And since 91% of cyberattacks start with email phishing, an educated staffer can be an organization’s best defense. After all, if it can happen to MS, it can happen to anyone.


Phishing Phlags:


  • Generic greetings

  • Misspelled names and words

  • Typos

  • Poor quality graphics and images

  • Attachments of any type and unexpected links

  • A sense of urgency that tries to provoke quick responses

  • An unknown or odd return email address


Want to schedule a conversation? Please email us at advisor@nadicent.com
