Slashdot Mirror


Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support (vice.com)

eatmorekix writes: On Saturday, Microsoft confirmed that some users of the company's email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers' email accounts such as the subject lines of their emails and who they've communicated with. But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft's statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access to the content of some customers' emails.

13 of 44 comments (clear)

  1. Hackers! Reading email! With hacks! Hacking! by Anonymous Coward · · Score: 1

    Another headline that promises sensationalist clickbait bullshit and little else.

    How about some real articles, slashdot edito.... n'mind.

  2. I'd consider that quite a feat by damn_registrars · · Score: 1

    I've been trying to get back into my old hotmail address (really just out of curiosity at this point) for years now. I had a hotmail address back in the stone age of the service (before Microsoft had even bee rumored to be interested in buying it) and then I walked away from it. However the address still exists (emails can go there, and Microsoft won't let anyone sign up with it as a new address) but the password recovery / password reset tool doesn't work for it. If I try to reset the password I end up stuck in a loop of "your username does not exist" "please reset the password for your username" that never gets anywhere.

    Of course, an email address that is easily over 20 years old - that hasn't had any meaningful email sent to it in well over 15 years - is not of great value. I searched online for it and found a couple really old forum posts I put up back then where I referenced it but nothing else mentioning it. Being as it was named for a minor character in a video game that most people have forgotten about, it isn't a name in high demand.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:I'd consider that quite a feat by Anonymous Coward · · Score: 3, Funny

      Yeah, I have an ancient pre-Microsoft Hotmail account - 7 letters (my name)@hotmail.com. I'm absolutely certain that Microsoft would do fuck-all in the event of me being locked out of my account.

      I get a LOT of email meant for other people - if I'm bored, I sift through it and fire off some replies. I know how to live.

    2. Re:I'd consider that quite a feat by Howitzer86 · · Score: 2

      Even if it's still there, there's a good chance it's cleaned it out and disabled. I registered mine back when Hotmail was still the name, but then a Gmail invite came from a friend and eventually I stopped logging into it. By the time I did it was basically a new account activation but with a "Welcome back" message. I lost all the old emails and contacts thanks to that.

    3. Re:I'd consider that quite a feat by damn_registrars · · Score: 1

      FWIW I haven't considered my old hotmail address to be valuable for anything for a long, long time. I mostly used it to register on geocities and other unimportant things (and some things that a younger version of myself thought were important at the time). It is highly unlikely that anyone who I would want to be in contact with would have ever attempted to contact me at that address, received no reply, and given up - while I'm not on facebook I am found in enough other places that finding a current email address for me is pretty trivial.

      I was really just trying to get in to my old hotmail address just for curiosity. I wouldn't expect that my old emails from 1997 would be valuable enough to microsoft for them to have bothered to retain them.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  3. You can abuse Microsoft Support? by mykepredko · · Score: 1

    Sounds nice after all the abuse and indifferent service I've gotten from them over the years.

    1. Re:You can abuse Microsoft Support? by SeaFox · · Score: 1

      I don't think we should abuse Microsoft Support. Their jobs are punishing enough already trying to come up with excuses for people for all the bugs in the products.

  4. Better Title: Microsoft Abuses User Trust by Anonymous Coward · · Score: 1

    Why should anyone at MS have access to your hotmail account in the first place, let alone at customer support?

  5. Not sure that’s such a bad thing by Hallux-F-Sinister · · Score: 1

    SOMEONE should read them, and it’s NOT gonna be me, so...

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
  6. Re:'Abusing'? That's what Microsoft coded it for by Shotgun · · Score: 1

    an embedded tiny computer running MINIX in every Intel CPU sold (outside the US gov), combined with a low speed wireless interface on ALL Intel motherboards (unless the computer is in a Faraday cage) makes external exploits crude by comparison.

    Faraday cage? You mean like those metal boxes that most people put their motherboards in?

    --
    Aah, change is good. -- Rafiki
    Yeah, but it ain't easy. -- Simba
  7. hacked via phone by BringsApples · · Score: 1

    Hacking people over the phone is a lot easier than it should be. Every time I call an ISP for one of my clients, they ask me my name. then, "Oh sorry sir, your name is not in our records. I'd need to speak with the person listed as their manager. Then I just ask if the manager's name is whoever the manager really is. They tell me yes. Then I put them on the phone (I hand them the phone that's got the ISP on it already). The manager tells the ISP, "Yes, put BringsApples on the list of admins." Then I'm an admin. But I always wonder wtf this illusion of security means for all of the real people out there.

    --
    Politics; n. : A religion whereby man is god.
  8. So is MS going to pay the ransom? by jrumney · · Score: 1

    Now that anonymous hacker's story about hacking my email is shown to be at least partially true due to Microsoft's negligence, will Microsoft be paying into his bitcoin account to keep my private videos safe, or do I have to wait until they disclose the vulnerability in Internet Explorer that lets hackers access my webcam even if I use other browsers to view porn sites?

  9. Duh by nullchar · · Score: 1

    Every admin reads email. Which BOFH doesn't have that t-shirt?

    Use GPG or host your own with TLS. And even then, the other party must admin their own email with TLS, then you need Dnssec and other measures to prevent downgrade attacks.

    Only safe way is encryption. And self hosting when you can't. And don't send anything important over email.