Microsoft Alerts More Customers Exposed to Russian Hackers After Account Breach

Months after Russian hackers breached Microsoft’s corporate email systems, the tech giant is now alerting more people who exchanged emails with Microsoft corporate accounts that certain emails have been accessed or compromised.

“This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” a Microsoft rep said in a statement. “This is increased detail for customers who have already been notified and also includes new notifications.”

Microsoft is letting impacted customers view their exposed correspondence through a link to a special-built portal. Microsoft has not yet shared which or how many organizations, businesses, or individuals are impacted by its latest discovery, but a Reddit user report sharing the Microsoft notification this week suggests some Microsoft 365 business admin accounts have been notified.

The Microsoft breach did include sensitive emails between Microsoft and federal agencies, however. When the emails were swiped, this may have enabled subsequent attacks on US federal agencies, US cybersecurity agency CISA said in April.

The exposed Microsoft corporate emails also allowed the Russian hackers to access Microsoft’s source code. Back in January, hackers accessed Microsoft’s systems and corporate emails by determining the password for a “legacy, non-production test tenant account” that did not have two-factor authentication enabled.

Last year, Microsoft also saw a worrisome breach when Chinese hackers accessed 25 organizations’ email accounts using a Microsoft cloud security flaw. This included US government accounts, prompting regulators to criticize Microsoft’s lax security measures. In April, a CISA board urged Microsoft to make “fundamental” cybersecurity reforms and “adopt a new culture” around security.