gizmodo.com Open in urlscan Pro
151.101.130.166  Public Scan

Form analysis
0 forms found in the DOM

Text Content

 * The A.V. Club
 * Deadspin
 * Gizmodo
 * Jalopnik
 * Jezebel
 * Kotaku
 * Lifehacker
 * The Root
 * The Takeout
 * 
 * The Onion
 * 
 * The Inventory

We come from the future

ShopSubscribe

HomeLatestReviewsTechio9EartherScienceField Guide
We come from the future


 * Home
 * Latest
 * Reviews
 * Tech
 * io9
 * Earther
 * Science
 * Field Guide

AboutGizmodo AdvisorGizmodo Store
Explore our other sites
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 

AdvertisingPrivacyJobsTerms of Use
 * 
 * 
 * 
 * 
 * 

© 2021 G/O Media

HomeLatestReviewsTechio9EartherScienceField Guide




Privacy and Security


MICROSOFT CLAIMED A SECURITY BREACH DIDN'T COMPROMISE EMAIL MESSAGES—IT DID

By
Dell Cameron

4/15/19 3:55PM

Comments (2)


Photo: AP


A series of security reports published over the weekend have raised serious
concerns about Microsoft’s transparency in the wake of a recent data breach.

Advertisement




On Saturday, TechCrunch reported that hackers had gained access to the company’s
email service after compromising a customer support account. Microsoft has
confirmed that a people using MSN.com, Hotmail.com, and Outlook.com accounts
were affected, though it’s unclear how many.

The company contacted at least some affected users and assured them that the
“content of any e-mails or attachments” had not been accessed. Regardless, it
asked them to change their passwords.





The breach, Microsoft said in an email to some customers, was limited to some
metadata, including folder names and email account names, plus some limited
content, e.g., the subject lines of emails. In a statement to TechCrunch, it
also described the number of accounts affected as “a limited subset of consumer
accounts.”

RELATED STORIES

'Automated Racism': Chinese Police Are Reportedly Using AI to Identify Minority
Faces
The Matrix Awakens Is Pushing the Franchise Towards a Possible Reality, In a
Good Way
How Big Oil Rigs the System to Keep Winning

One email to customers read, in part: “Our data indicates that account-related
information (but not the content of any e-mails) could have been viewed, but
Microsoft has no indication why that information was viewed or how it may have
been used.” (Note: Email subject lines are actually considered content, not
metadata, in the eyes of the law.)


G/O Media may get a commission
save 90%
The Unlimited Lifetime Learning Subscription Bundle

Learn everything forever
Improve yourself in the new year (and new years to come) with this unbelievable
deal on a lifetime pass to classes. Includes everything from blockchain to
Rosetta Stone.

Buy for $179 at StackSocial


But when TechCrunch approached Microsoft about the breach, Mirosoft appears to
have kept the worst part of the news to itself—that actual email messages were
compromised in some cases. Motherboard followed up, thanks to a leak, describing
the full scope of the incident:

> “[T]he issue is much worse than previously reported, with the hackers able to
> access email content from a large number of Outlook, MSN, and Hotmail email
> accounts, according to a source who witnessed the attack in action and
> described it before Microsoft’s statement, as well as screenshots provided to
> Motherboard.”

Advertisement




In response to Motherboard’s inquiries, Microsoft admitted that hackers had, in
fact, gained access to the content of some customers’ emails. It also said
customers whose emails had been compromised in this way had been notified—a sign
that it was aware that the problem was bigger than it had let on when first
questioned by TechCrunch.

It’s not a good look. While the company now claims that the content of only 6
percent of the accounts accessed by the hackers had email messages compromised—6
percent of what, you might ask; the company hasn’t said—it’s credibility is now
in questions thanks to its failure to be upfront about the extent of the damage.

Advertisement




Microsoft had the opportunity on Saturday, when first approached by TechCrunch,
to be completely transparent. But it wasn’t until someone leaked Motherboard
information that Microsoft came clean and fessed up.


Advertisement




“Really, what did Microsoft think would happen,” Motherboard report Joseph Cox
tweeted. “Only tell reporters about the metadata exposure, and then... just
expect it to look okay when someone found out about the email content? Trying to
keep parts of a breach under wraps is never a good look.”

The finer details of how the breach occurred in the first place remain for the
most part unclear. Gizmodo has pressed Microsoft for additional details but did
immediately hear back.

Advertisement




Since nearly every company is bound to experience a security breach of some kind
at some point, how the company chooses to respond publicly, and whether it’s
fully transparent with the victims, counts for a lot. It can mean the difference
between consumers being complete outraged in the wake of a breach or grateful
that a company took immediate and appropriate action.

Microsoft doesn’t have long to explain itself and we’ll update if they do.

Subscribe to our newsletter!
News from the future, delivered to your present.
Type your emailSign Me Up
By subscribing you agree to our Terms of Use and Privacy Policy.

[TechCrunch, Motherboard]

Advertisement







TechPrivacy and Security




Featured Videos
Video Player is loading.
Play Video
Pause
Unmute

Current Time 0:03
/
Duration 1:34
Loaded: 44.28%


0:04
Stream Type LIVE
Seek to live, currently playing liveLIVE
Remaining Time -1:31
 
Playback Rate

1x
Chapters
 * Chapters

Descriptions
 * descriptions off, selected

Captions
 * captions off, selected

 * Quality
 * 240p
 * 480p
 * 720p
 * 1080p
 * Auto, selected

Audio Track
 * default, selected

Fullscreen

This is a modal window.


How To Remove Followers From Twitter
John Purkis' Board Game Collection Is No Laughing Matter
11/11/21 10:30AM
How To Set Up Private Relay on iCloud+
11/02/21 11:40AM

You may also like
Kotaku
The Japanese Internet Reacts To Netflix's Cowboy Bebop Cancellation

Today 5:30AM
Deadspin
Allen Iverson’s all-time starting lineup may be the most unstoppable
hypothetical team ever

Yesterday 10:12AM
The A.V. Club
Everyone hated it, so Netflix canceled Cowboy Bebop

Yesterday 7:46PM


Recommended from G/O Media
2021 Gotham Awards: The A.V. Club’s exclusive portrait studio from the big night
11/30/2021, 9:10 PM

The Ten Dumbest Car Names Out There
11/30/2021, 7:50 PM

16 of the Best Cozy Christmas Movies That Aren’t All White People in Sweaters
11/30/2021, 2:00 PM