Microsoft discloses leak affecting some hotmail.com email accounts, says hackers accessed user data
2019/04/14 10:58:00 Source: Linux公社 Author: 醉落红尘

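Microsoft has just disclosed that it was breached earlier this year and that the hackers were able to access some users' email information.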

Microsoft explained that a malicious actor managed to compromise the credentials of a Microsoft support agent.

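This allowed individuals who do not work for Microsoft to access information stored in Microsoft email accounts (@outlook.com, @hotmail.com, @msn.com), though enterprise users were not affected.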

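The information exposed to the hackers includes email addresses, folder names, email subject lines, and the names of other email addresses the user communicated with. Microsoft states that no email content or attachments were exposed to the hackers.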

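Microsoft said the unauthorized access was recorded between January 1, 2019 and March 28, 2019, but the company gave no details on how the hackers managed to compromise the support agent's credentials.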

Passwords not exposed

The software giant said that as soon as it discovered the breach, it disabled the compromised account.

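"Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used," Microsoft said in the email sent to affected users.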

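Microsoft now warns that an increased number of phishing emails may be sent to users and recommends that everyone reset their password. It is important to know, however, that passwords were not exposed to the hackers, although Microsoft says it is best to change them "out of caution."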

It is not yet clear how many users were exposed, but according to the cited sources, at least some of them may be in Europe.

You can read the full email below, and if you need more information or help, you can contact the company's incident response team at ipg-ir@microsoft.com.

Dear Customer

 Microsoft is committed to providing our customers with transparency. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.

 We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.

 Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source (you can read more about phishing attacks at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing).

 It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.

 If you require further assistance, or have any additional questions or concerns, please feel free to reach out to our Incident Response Team at ipg-ir@microsoft.com. If you are a citizen of European Union, you may also contact Microsoft’s Data Protection Officer at:

 EU Data Protection Officer
 Microsoft Ireland Operations Ltd
 One Microsoft Place,
 South County Business Park,
 Leopardstown, Dublin 18, Ireland
 dpoffice@microsoft.com

 Microsoft regrets any inconvenience caused by this issue. Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.

Permanent link to this article: https://www.linuxidc.com/Linux/2019-04/158089.htm

