Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support (vice.com)
eatmorekix writes: On Saturday, Microsoft confirmed that some users of the company's email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers' email accounts such as the subject lines of their emails and who they've communicated with. But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft's statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access to the content of some customers' emails.
Another headline that promises sensationalist clickbait bullshit and little else.
How about some real articles, slashdot edito.... n'mind.
I've been trying to get back into my old hotmail address (really just out of curiosity at this point) for years now. I had a hotmail address back in the stone age of the service (before Microsoft had even bee rumored to be interested in buying it) and then I walked away from it. However the address still exists (emails can go there, and Microsoft won't let anyone sign up with it as a new address) but the password recovery / password reset tool doesn't work for it. If I try to reset the password I end up stuck in a loop of "your username does not exist" "please reset the password for your username" that never gets anywhere.
Of course, an email address that is easily over 20 years old - that hasn't had any meaningful email sent to it in well over 15 years - is not of great value. I searched online for it and found a couple really old forum posts I put up back then where I referenced it but nothing else mentioning it. Being as it was named for a minor character in a video game that most people have forgotten about, it isn't a name in high demand.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Sounds nice after all the abuse and indifferent service I've gotten from them over the years.
Mimetics Inc. Twitter
Why should anyone at MS have access to your hotmail account in the first place, let alone at customer support?
SOMEONE should read them, and it’s NOT gonna be me, so...
Our reign has gone on long enough. Indeed. Summon the meteors.
an embedded tiny computer running MINIX in every Intel CPU sold (outside the US gov), combined with a low speed wireless interface on ALL Intel motherboards (unless the computer is in a Faraday cage) makes external exploits crude by comparison.
Faraday cage? You mean like those metal boxes that most people put their motherboards in?
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Hacking people over the phone is a lot easier than it should be. Every time I call an ISP for one of my clients, they ask me my name. then, "Oh sorry sir, your name is not in our records. I'd need to speak with the person listed as their manager. Then I just ask if the manager's name is whoever the manager really is. They tell me yes. Then I put them on the phone (I hand them the phone that's got the ISP on it already). The manager tells the ISP, "Yes, put BringsApples on the list of admins." Then I'm an admin. But I always wonder wtf this illusion of security means for all of the real people out there.
Politics; n. : A religion whereby man is god.
Now that anonymous hacker's story about hacking my email is shown to be at least partially true due to Microsoft's negligence, will Microsoft be paying into his bitcoin account to keep my private videos safe, or do I have to wait until they disclose the vulnerability in Internet Explorer that lets hackers access my webcam even if I use other browsers to view porn sites?
Every admin reads email. Which BOFH doesn't have that t-shirt?
Use GPG or host your own with TLS. And even then, the other party must admin their own email with TLS, then you need Dnssec and other measures to prevent downgrade attacks.
Only safe way is encryption. And self hosting when you can't. And don't send anything important over email.