

Microsoft alerted Outlook.com users of a hacker obtaining access to accounts earlier this year, and a cybercriminal gang continues its quest to sell the data of one billion users.


The tech giant revealed the compromise of a support agent's credentials for its web mail service, allowing unauthorized access to some accounts between January 1 and March 28, 2019.


According to an email sent to most affected users and then posted online, Microsoft said hackers possibly viewed account-related information but not the content of any e-mails. “Microsoft has no indication why that information was viewed or how it may have been used.” Some outlets reported the breach affected 6% of Outlook accounts (Lifewire reported 400 million active users as of early 2018). Microsoft later confirmed to Motherboard that hackers gained access to the content of some customers' emails.


A hacker or group of hackers first broke into a customer support account for Microsoft, and then used that to gain access to information related to customers' email accounts, such as the subject lines of their emails and who they've communicated with.


Patrick Hunter, a Director at Aliso Viejo, Calif.-based One Identity, said, “This latest breach highlights the fact that organizations, even the size of Microsoft, need to understand that every point of access to their network and systems needs to be secured. Hackers are looking for that all-important privileged account, that one account that can lead them either to the data that they're after or to the next stepping stone.”


Hunter added, “GDPR is starting to force companies to take data protection seriously but in the case of Microsoft, where they do take it very seriously, there is still work to be done to protect our personal data from hackers.” The One Identity director suggested accounts with access to personal data or privileges should receive protection with multi-factor authentication but, even better, locked away under lock and key with a form of password store.


“There's no doubt that Microsoft is scrambling to find out how the credentials were compromised, and to make changes so it doesn't happen again.” Tim Erlin, VP, product management and strategy at Portland, Ore.-based Tripwire, pointed out, “While there's a certain amount of schadenfreude in discussing the security failings of a company like Microsoft, these types of incidents should really force every organization to evaluate how they've implemented their own security controls. There's a reason that incident response is part of cybersecurity. Prevention is the ideal, but compromise remains the reality.”


Robert Vamosi, senior product marketing manager, San Francisco-based ForgeRock, said, “When large corporations like Microsoft are compromised by malicious third parties, it should serve as an example to organizations everywhere that no one is safe from cyberattacks.” Affected users, Vamosi held, are now susceptible to highly targeted spear phishing attacks by tricking users into opening email and possibly malicious documents containing malware. Even though login credentials were unaffected, users should consider changing their passwords and enabling multi-factor authentication features if they have not already. All users should make sure to check the sender's email addresses of emails they receive to make sure they are legitimate.”


Vamosi added, “Companies that suffer data breaches due to compromised employee accounts should consider implementing single sign on capabilities within their organization, as SSO also allows for improved security, especially when coupled with multi-factor authentication.”


As with all data breaches and/or events, the risk could extend to credit unions and other financial institutions.


According to ZDNet, a hacker named Gnosticplayers, who wanted to put up for sale the data of over one billion users, is getting dangerously close to his goal after releasing another 65.5 million records recently and reaching a total of 932 million records released.


“With the recent release of records, Gnosticplayers has compromised nearly one billion records in just two months. This doesn't impact a single industry; this is a widespread issue that organizations need to take seriously and it's time companies learn how to defend their attack surface against these cyberattacks,” Kevin Gosschalk, CEO and co-founder of San Francisco-based Arkose Labs, maintained.


“Since mid-February, the hacker has been putting batches of hacked data on Dream Market, a dark web marketplace for selling illegal products, such as guns, drugs, and hacking tools,” ZDNet reported.


The hacker claimed responsibility for the breaches of 44 companies. Previous releases came in four rounds: 620 million user records, 127 million, 93 million, and 26.5 million, and contained data from companies like Toronto, Canada-based online photography community 500px, American apparel company Under Armour, content-sharing widget ShareThis, video hosting company GfyCat, and genealogy platform MyHeritage.


The latest round contained data from six companies: gaming platform MindJolt, digital mall company Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women's fashion store Moda Operandi, and Apple repair center iCracked.


Gosschalk said, “We've been talking about the hacker, Gnosticplayers, for a few months, yet companies still fail to defend against attacks. After analyzing the type of companies targeted, there is no rhyme or reason other than their penetrable security.”

