Previously, hackers took control over Microsoft Outlook’s email services which enabled them to read the emails of most non-corporate/business account. According to the report, the same hackers went a step ahead and breached into Outlook by abusing a Microsoft customer support portal. They gained access to the content of the email of hundreds of thousands of users and reportedly used that data to steal users’ cryptocurrencies.
According to Motherboard, leading multiple media and news platform, the hackers were able to gain the Microsoft customer support employee’s accounts that help them to break into non-corporate email accounts, including in Outlook, Hotmail and MSN. Microsoft has also confirmed the cyber-attack to TechCrunch.
After the attack, the number of users had come front and reported that the hackers had stolen their digital currencies by gaining access to their crypto exchange account with the help of credentials they have had got from emails. ‘Emptying peoples’ cryptocurrency accounts was one of the main motives behind this cyber-attack,’ Motherboard reported.
Jevon Ritmeester, a Microsoft user told Motherboard in an email that “The hackers also had access to my inbox allowing them to password reset my Kraken.com account and withdrawal [sic] my Bitcoin.” He also provided a Motherboard with ‘the breach notification emails’ he received from Microsoft.
As he wrote on the tech forum, he couldn’t access or login into his Kraken account as its password was changed dramatically. After going through his emails, Outlook emails to be specific, he notices several successful attempts made by hackers that change his Kraken account details. The hackers moved those emails into the trash folder as well.
He further found that the hackers used ‘an email forwarding rule’ that enabled Outlook to automatically shift any email mentioning term ‘Kraken’ to the trash and forward that message to a Gmail address which was controlled by the hackers. At last, he said that ‘his Kraken cryptocurrency exchange account had been hacked and that he lost around 1 bitcoin (worth about $5,260) as a result.’
Ritmeester wasn’t the only victim who lost his crypto holding. Another victim going by the username “Keats852,” said “My account was hacked as a direct result of this.” On Reddit, he reported that he’d lost “25,000 in crypto” due to the same email breach.
“Same exact for me only a lot less funds stolen, sucks,” another Reddit user, mickey_ficke, chimed in. Neither Reddit user responded to a request for comment, said Motherboard.
A Microsoft spokesperson told Motherboard in an email on Monday that, “Customers who believe they have been impacted beyond what was outlined in the company’s notification should contact the Microsoft support team for assistance.”
Talking about how Microsoft is trying to cover up the issue, Ritmeester said: “I feel Microsoft is trying to cover up and is not taking this seriously.” He added, “I am planning to at least file a police report and thinking about holding Microsoft liable for the financial damage and the fact that a lot of my personal information may get leaked in the near future.”