Midnight Blizzard, a Russian nation-state hacker gang, breached Microsoft’s security last year, gaining access to the emails of multiple customers. In late June, Microsoft revealed that more organisations were affected than previously assumed. However, the company’s attempts to notify users may not have reached the intended recipients.
According to Kevin Beaumont, a cybersecurity expert and former senior threat intelligence analyst at Microsoft, the company chose to notify affected victims via email.
“The notifications aren’t in the portal – they emailed tenant admins instead. The emails can go into spam, and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers,” Beaumont stated on LinkedIn.
Apart from Beaumont’s warnings, there is some evidence that Microsoft customers are genuinely perplexed. In a Microsoft support page, one customer revealed the email their company received in an attempt to determine whether it was a real Microsoft email.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: