Microsoft’s Bungled Notification of Russian Hack Exposes Customers to Further Risk
In a shocking display of incompetence, Microsoft has been accused of sending emails to customers affected by the hack carried out by the Russian government group "Midnight Blizzard" (or APT29) that look suspiciously like phishing attempts. The emails, which are supposed to inform customers of the breach and the potential theft of their data, have been flagged by experts as potentially malicious.
The notifications, which were sent out months after the initial breach, have been criticized for being vague and lacking in detail. Instead of providing clear instructions on what to do next, the emails include a "secure link" to a domain that bears no apparent connection to Microsoft. This has led many customers to question the legitimacy of the email and wonder if it’s just a clever phishing attempt.
Kevin Beaumont, a former Microsoft employee and cybersecurity researcher, has been warning companies to be on the lookout for these emails, which he claims are not following standard protocol. "Microsoft had a breach by Russia impacting customer data and didn’t follow the Microsoft 365 customer data breach process," he wrote on LinkedIn. "The notifications aren’t in the portal, they emailed tenant admins instead."
But it’s not just Beaumont who’s sounding the alarm. A cybersecurity consultant has come forward to say that several of his clients received the email and were all worried it was a phishing attempt. "At first glance, this did not inspire trust for the recipients, who started asking in forums or reaching out to Microsoft account managers to eventually confirm that the email was legitimate… weird way for a provider like this to communicate an important issue to potentially affected customers," he wrote.
The lack of transparency and clear communication from Microsoft has left customers feeling vulnerable and exposed. With the Russian government hack still fresh in their minds, it’s unacceptable that Microsoft is not taking more concrete steps to protect its customers’ data.
Contact Us
Do you have more information about this Microsoft incident? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email lorenzo@techcrunch.com. You also can contact TechCrunch via SecureDrop.


