Microsoft Outlook data leaks, cryptocurrency users become hacker targets

Earlier this month, technology media Motherboard found that hackers can not only access the email metadata of Outlook users, but also get the content of the email. The key to this type of attack is that the hacker obtains the login credentials of the Microsoft customer service staff; in this way, the hacker can sneak into the content of any non-enterprise Outlook, Hotmail or MSN account.

Crypto

Today, several victims say they believe that one of the reasons for hacking into such email accounts is to empty people's cryptocurrency accounts.

Microsoft user Jevon Ritmeester revealed:

The hacker visited my inbox, they reset my Kraken.com account password and took my bitcoin.

Ritmeester showed a reminder of the stolen email from Microsoft and related screenshots – the hacker forwarded the mail, and all emails mentioning the word "Kraken" were automatically forwarded to the hacker-controlled Gmail address.

These forwarded messages contain requests for password reset and bitcoin extraction. Ritmeester recently wrote in a post on the Technology Forum that he checked the spam in his mailbox and found that someone had made both requests. In this post, he added that his loss of bitcoin exceeded 1 BTC and the current price of bitcoin was around $5,200.

It seems that Ritmeester is not the only Microsoft user who has stolen money.

Reddit user Shinratechlabs also said, "This directly led to my account being hacked." He said that he lost "25,000 in crypto", but it is not clear whether he lost 25,000 coins or lost 25,000.

Another Reddit user, mickey_ficke, said that he had encountered such a situation, but did not lose a lot of money.

Ritmeester said:

I think Microsoft tried to hide it and didn't take it seriously.

Ritmeester mentioned in the post that he did not enable two-factor authentication (F2A) on Kraken, which would allow hackers to invade cryptocurrency accounts to some extent. If F2A is enabled, the hacker may also have to control the user's phone number in order to steal the cryptocurrency.

A Microsoft spokesperson said in an e-mail on Monday that "if customers think they are affected more than what Microsoft mentioned in the notice, they should contact the Microsoft customer service team for help."

Initially, when TechCrunch and other media reported Outlook data breaches, Microsoft said that only email metadata and customer information were affected, such as subject and recipient, and the sender's email address name. After the reporter told Microsoft that the e-mail content was also affected and submitted relevant evidence, Microsoft revised the statement, but in fact they already realized that the e-mail content was also publicized; the company has sent an email notification to the victim. .

Ritmeester said:

I think Microsoft is saying this to reduce the impact of this leak. I think a lot of users have suffered losses in one way or another because there is a lot of sensitive information in the inbox.

I plan to report the case to the police and consider letting Microsoft bear the economic loss, given that many of my personal information may be leaked in the near future.

Such incidents once again sounded the alarm for cryptocurrency users. The storage of digital assets should try to choose unmanaged wallet or cold storage solution, and it is safest to control the private key by yourself. When you need to use the exchange, you should turn on the more comprehensive security measures for two-factor authentication, so as to avoid hackers.