Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

eatmorekix writes: On Saturday, Microsoft confirmed that some users of the company's email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers' email accounts such as the subject lines of their emails and who they've communicated with. But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft's statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access to the content of some customers' emails.

Hackers! Reading email! With hacks! Hacking!

Another headline that promises sensationalist clickbait bullshit and little else.

How about some real articles, slashdot edito.... n'mind.

Re:Hackers! Reading email! With hacks! Hacking!

It wasn't even hacking. Just social engineering Microsoft's customer service support. You might as well call buying politicians hacking.

I'd consider that quite a feat

[damn_registrars]

I've been trying to get back into my old hotmail address (really just out of curiosity at this point) for years now. I had a hotmail address back in the stone age of the service (before Microsoft had even bee rumored to be interested in buying it) and then I walked away from it. However the address still exists (emails can go there, and Microsoft won't let anyone sign up with it as a new address) but the password recovery / password reset tool doesn't work for it. If I try to reset the password I end up stuck in a loop of "your username does not exist" "please reset the password for your username" that never gets anywhere.

Of course, an email address that is easily over 20 years old - that hasn't had any meaningful email sent to it in well over 15 years - is not of great value. I searched online for it and found a couple really old forum posts I put up back then where I referenced it but nothing else mentioning it. Being as it was named for a minor character in a video game that most people have forgotten about, it isn't a name in high demand.

Re:I'd consider that quite a feat

Russian h@X0rs were using you old hotmail account, or maybe Al-Qaeda sleeper cell agents. We must remain vigilant to keep the homeland safe and secure. Sieg heil it! AE911Truth Org

Re:I'd consider that quite a feat

Yeah, I have an ancient pre-Microsoft Hotmail account - 7 letters (my name)@hotmail.com. I'm absolutely certain that Microsoft would do fuck-all in the event of me being locked out of my account.

I get a LOT of email meant for other people - if I'm bored, I sift through it and fire off some replies. I know how to live.

Re:I'd consider that quite a feat

[Howitzer86]

Even if it's still there, there's a good chance it's cleaned it out and disabled. I registered mine back when Hotmail was still the name, but then a Gmail invite came from a friend and eventually I stopped logging into it. By the time I did it was basically a new account activation but with a "Welcome back" message. I lost all the old emails and contacts thanks to that.

Re:I'd consider that quite a feat

[damn_registrars]

FWIW I haven't considered my old hotmail address to be valuable for anything for a long, long time. I mostly used it to register on geocities and other unimportant things (and some things that a younger version of myself thought were important at the time). It is highly unlikely that anyone who I would want to be in contact with would have ever attempted to contact me at that address, received no reply, and given up - while I'm not on facebook I am found in enough other places that finding a current email address for me is pretty trivial.

I was really just trying to get in to my old hotmail address just for curiosity. I wouldn't expect that my old emails from 1997 would be valuable enough to microsoft for them to have bothered to retain them.

'Abusing'? That's what Microsoft coded it for

Microsoft is a partner of the NSA. Microsoft does NOT have fundamental exploits in Windows by 'accident' or 'incompetence' as this warmongering neoliberal outlet suggests.

Take a history FACT about MS. It's early document/helpfile fileformat. This fileformat- understood to be for read only books, allowed, by design, execution of embedded code. So bad was this exploit, the format was utterly depreciated on any network system when the NSA functionality became generally known.

Indeed a fav trick of the NSA is having code embedded in all kinds of file-formats where no-one would expect code function. This included .PDF and many early image formats.

Today the coders working for the NSA at Google, Apple, and Microsoft (with the explicit permission of the controllers of these companies) use better tricks- usually hiding the exploits in the OS itself. Today Intel's NSA sponsored IME, an embedded tiny computer running MINIX in every Intel CPU sold (outside the US gov), combined with a low speed wireless interface on ALL Intel motherboards (unless the computer is in a Faraday cage) makes external exploits crude by comparison.

Every Intel PC that is on at least stand-by power can be silently connected to by an NSA agent within a certain number of meters (maybe hundreds), and the unstobbable MINIX OS (that operates wholly within the CPU) can power up and read/write to connected interal storage. NO- your PC does not need to have a wireless chip that you know about. This aerial is on the chip itself- the only downside is that the wireless connection is much slower than any standard wireless connection.

Anyhoo, this MHT attack vector mentioned in the OA is an old school NSA trick.

PS MS only patches out exploits when the j-ish criminals in izrael who learn of the exploits from their j-ish mates in the NSA pass on knowledge of the exploits to their j-ish mates in Ukraine, where the majority of cybercrime is masterminded.

NSA exploits make PCs buggy and massively power inefficient. Yet the dribbling neoliberal supporters of the NSA, like Slashdot, claim to their idiot readers to be 'green'. How neoliberals play their sheeple supporters.

Re: 'Abusing'? That's what Microsoft coded it for

It happens. Again and again and again..

Re:'Abusing'? That's what Microsoft coded it for

[Shotgun]

an embedded tiny computer running MINIX in every Intel CPU sold (outside the US gov), combined with a low speed wireless interface on ALL Intel motherboards (unless the computer is in a Faraday cage) makes external exploits crude by comparison.

Faraday cage? You mean like those metal boxes that most people put their motherboards in?

This moron thinks slashdotmedia= neoliberal? lol?

"NSA exploits make PCs buggy and massively power inefficient." - Citation required.

"Indeed a fav trick of the NSA is having code embedded in all kinds of file-formats where no-one would expect code function. This included .PDF and many early image formats." - You're saying there's infected pdf's? Oh my!

" and the unstobbable MINIX OS " - Unstobbable? Reaaaaaaallllllly?!

You can abuse Microsoft Support?

[mykepredko]

Sounds nice after all the abuse and indifferent service I've gotten from them over the years.

Re: You can abuse Microsoft Support?

Funny +NaN, waiting for the pushback right now. Zero complaints so far.

Re:You can abuse Microsoft Support?

[SeaFox]

I don't think we should abuse Microsoft Support. Their jobs are punishing enough already trying to come up with excuses for people for all the bugs in the products.

Re: You can abuse Microsoft Support?

There's a big difference between 'abuse' and 'indifference', usually.

Indifference is what happens when a customer of MS posts a suport or advice request on any of the myriad online forums that finish with 'We have closed your request because it has been ignored elsewhere.'

Vilification and similar abuse should not happen. It's rude, employees don't sign up for that sort of thing, and it's psychologically damaging to them. Also, it is traffic in the wrong direction: the Customer Vilification Experience Program has evolved considerably since the days of Clippy, the Ribbon, and non-intuitive tiles.

Its quite a feat to be able to find anyone

That could be considered to be Microsoft support!!!

"Abusing" support???

Are they calling Microsoft support and calling them ugly and fat and demanding that they perform sexual acts on themselves? And then laughing when the support person starts crying?

Better Title: Microsoft Abuses User Trust

Why should anyone at MS have access to your hotmail account in the first place, let alone at customer support?

Not sure that’s such a bad thing

[Hallux-F-Sinister]

SOMEONE should read them, and it’s NOT gonna be me, so...

Re: Trying to "FRAME" me? Give up/Forget it... apk

You're confused. Kendall is a sodomite, not a semite.

Linking email to other stuff not so great

Microsoft almost makes you get a email account anymore so you can sign in to other Microsoft services, Office 365, XBox, etc. Microsoft not the only ones as Apple does with Apple ID, and Google does with its own Google account. Yes, way more simpler for the end user, way more exposed then it should be.

Fuck Off APK

Fuck Off APK

Re:Fuck Off APK

That's not APK. It's you trying to frame him again. He made you fuck off easily making you run from a question here hahaha https://it.slashdot.org/commen...

hacked via phone

[BringsApples]

Hacking people over the phone is a lot easier than it should be. Every time I call an ISP for one of my clients, they ask me my name. then, "Oh sorry sir, your name is not in our records. I'd need to speak with the person listed as their manager. Then I just ask if the manager's name is whoever the manager really is. They tell me yes. Then I put them on the phone (I hand them the phone that's got the ISP on it already). The manager tells the ISP, "Yes, put BringsApples on the list of admins." Then I'm an admin. But I always wonder wtf this illusion of security means for all of the real people out there.

That's nothing...

I can read your slashdot posts!

Another reason to run your own email server

Then if you get your email accounts hacked over the phone then you probably get what you deserve.

See you had to try "downmod hide" this 2x

What's 'antisemitic' about FACTS? The jew have been kicked from ~dozen nations over time: WHY IS THAT? Explain that (going to tell me the nations were all "nazis"?).

* Dearest JEW, please tell us more, ok??

(See subject & last 2x times I posted this question YOU TRIED DOWNMOD HIDING IT, lol as proof thereof of MY SHUTTING YOUR DULL-WITTED ASS DOWN easily https://it.slashdot.org/commen... & https://it.slashdot.org/commen... as YOU were unable to answer that to counter it's fact... )

APK

P.S.=> This ought to be good - it already IS, you're SPEECHLESS & trying to HIDE what you can't beat - fact... apk

See you tried 'downmod hiding' this 2x too

Security pros, results & /. registered users disagree w/ you troll: So EAT YOUR WORDS vs. https://yro.slashdot.org/comme... you CHUMP!

* Stooge - tell us: HOW DOES EATING YOUR WORDS TASTE?

(A bit like your FOOT in your MOUTH ramming those lies of yours BACK DOWN your PENCIL CHICKEN-NECK throat, WASHED DOWN by the BITTER taste of YOUR SELF-defeat, perhaps? RoTfLmAo @ U - Yes!)

APK

P.S.=> See subject: Hohohoho I see you don't LIKE how YOUR WORDS TASTE now that you had to EAT THEM hahaha - you TRIED to DOWNMOD HIDE this last 2x I posted it https://it.slashdot.org/commen... & + https://it.slashdot.org/commen... CLUE: I won't LET you, I won't allow it & I CRUSH YOU with it - EASILY! Lmao ... apk

As opposed to Google

Who reads your email to sell you ads as a "convenience" to you.

So is MS going to pay the ransom?

[jrumney]

Now that anonymous hacker's story about hacking my email is shown to be at least partially true due to Microsoft's negligence, will Microsoft be paying into his bitcoin account to keep my private videos safe, or do I have to wait until they disclose the vulnerability in Internet Explorer that lets hackers access my webcam even if I use other browsers to view porn sites?

Duh

[nullchar]

Every admin reads email. Which BOFH doesn't have that t-shirt?

Use GPG or host your own with TLS. And even then, the other party must admin their own email with TLS, then you need Dnssec and other measures to prevent downgrade attacks.

Only safe way is encryption. And self hosting when you can't. And don't send anything important over email.

No problem here

I'm all for abusing Microsoft Support, but stealing passwords is another matter!