A recently announced data security breach of Microsoft's Outlook.com product has many wondering how to work with MSP customers to understand the scope and impact.
What Happened to Outlook.com Data?
It appears that the breach occurred when a support agent's access credentials were compromised. Support agents are customer service representatives that handle technical issues and complaints. That led to unauthorized access to a portion of the accounts on Microsoft's web email service from January 1 to March 29, 2019.
The hack apparently affected Hotmail and MSN users in addition to Outlook account holders. In an email to users, Microsoft noted that, "This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments."
Microsoft also said that the hackers were able to access content on about 6 percent of users.
Is That the Complete Scope of the Breach?
Not necessarily.
"At this time the impact of this particular breach is still under investigation," noted Swinburne Charles of Checksum Systems, a Toronto IT services company. "However, overall it would not surprise any security expert that far more users were affected. The mere fact that the Microsoft support engineer's credentials were affected so long would imply that the perpetrators had unfettered access to millions of email addresses and could have simply 'botted' their way around those mailboxes, scraping information such as name, email address, mail subject, and message body."
Phil Cardone of Radius Executive IT, a Boston-area IT company, pointed out that Microsoft support technicians do not have access to end-user protected data. "This breach could have been much worse if the hackers had destructive intent and compromised the integrity of the Microsoft Office 365 environment," Cardone said.
"The impact of this attack shows how vulnerable we all are to hacking," added Anthony Buonaspina of Long Island, New York-based IT support company LI Tech Advisors. "Even through no fault of our own, our information can be compromised by a lapse in security by some individual at a company that maintains our information. It's scary that these types of hacks can happen without our knowledge and we may or may not even get notified for months after an attack."
What Should I Do If I Have an MSN, Hotmail or Outlook Account?
In cases like this, it's important to take precautionary steps, whether or not your account is affected.
"Users should continue to employ safe email practices, keeping an eye out for an increase in phishing emails designed to solicit a response," said Sarah Ober of Washington, D.C.-based IT company Intelice. "Attackers gained access to email addresses of contacts and had visibility into subject lines of emails, which could be used in targeted attacks."
Buonaspina, Cardone and Charles all urged users to change their passwords immediately. Charles noted that companies "should not skimp" on deploying two-factor or multi-factor authorization for systems and applications. Cardone encouraged global account administrators to firm up security on Office 365 tenant accounts and to use Office 365 Secure Score to assess and provision as many precautions as possible.
Is This Attack Like Other Ongoing Breaches or Is Something More Significant about This One?
"This attack is like many other ongoing breaches where soft passwords or internal security procedures are lax, allowing for security breaches like we see with Microsoft," Buonaspina said. "What's more significant about this one is that it undermines our trust in a major corporation. If they can't get it right, how the hell are smaller, less security-minded companies supposed to keep their data and their clients' data safe?"
Ober noted the need for end-user vigilance. "One concerning part about this breach was that it involved compromised credentials of a Microsoft support technician, and lasted for multiple months before being remediated," she said. "It highlights the importance for all support staff to be vigilant with their own chain of security, as it is only as strong as the weakest link."
"This attack went after the back-end system infrastructure versus the actual end-user experience," Cardone explained. "A typical breach may affect day-to-day interactions between people and organizations, whereas this attack could have affected the structural integrity of the Microsoft Office 365 system infrastructure. This could have been much worse than it was."