Hackers hit Microsoft customer service system, make off with data – CNET


Privacy and security on the internet

James Martin/CNET

Microsoft said Friday that hackers breached a computer used by one of its customer service agents and stole account data they then used to launch “highly-targeted” attacks on customers. The company identified the hacking group as Nobelium, the same one behind last year’s major SolarWinds breach.

Microsoft has secured the computer, which the hackers infected with information-stealing software, and notified the “small number” of affected customers, it said in a Friday post on its Security Response Center site.

The company sent a warning to affected Microsoft Services subscribers saying the hackers had access to information during the second half of May, Reuters reported late Friday. The pilfered data included billing contact information and what services the customers pay for, the news outlet said. Hackers can use such basic data in bogus emails and phone calls as part of phishing attacks that can help them gain access to more-sensitive information.

Microsoft warned the impacted customers to exercise caution regarding communications with billing contacts and suggested that changing related passwords and usernames might be a good idea, Reuters reported. The company also urged customers to be sure to use multi-factor authentication to protect against hacks. Microsoft’s investigation of the breach is ongoing, and it hasn’t yet found that any customers were successfully compromised.

The tech giant said it discovered the breach while looking into new activity by the Nobelium group. It said just over half that activity was aimed at information-technology companies, followed by government agencies and then a small percentage of nongovernmental agencies, think tanks and financial services firms.

The SolarWinds hacking campaign made headlines in December 2020. It used tainted software from IT management company SolarWinds, along with other hacking methods, to breach thousands of organizations and tunnel deeper into at least nine federal agencies and 100 private companies, Microsoft among them.

Microsoft had no further comment on the customer service breach, apart from its blog post.

Read more: SolarWinds hackers: What you need to know

Like it? Share with your friends!



Your email address will not be published. Required fields are marked *

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Voting to make decisions or determine opinions
Formatted Text with Embeds and Visuals
The Classic Internet Listicles
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Upload your own images to make custom memes
Youtube, Vimeo or Vine Embeds
Soundcloud or Mixcloud Embeds
Photo or GIF
GIF format