Cyber security news for all

More

    Microsoft Cyber Breach Notification Emails Misdirected to Spam Folders

    Microsoft’s efforts to alert customers about Russian hackers accessing their emails inadvertently led to their breach notification emails being flagged as spam.

    Last year, the Russian nation-state hacker group Midnight Blizzard breached Microsoft’s defenses, compromising the emails of multiple customers. In late June, Microsoft expanded its disclosure, revealing that more organizations were impacted than initially reported.

    Despite Microsoft’s attempt to inform affected users via email, cybersecurity researcher Kevin Beaumont noted challenges with delivery. “The notifications weren’t in the portal – they emailed tenant admins instead. The emails can go into spam, and tenant admin accounts are supposed to be secure breakglass accounts without email,” Beaumont commented on LinkedIn.

    Concerns arose that recipients mistook Microsoft’s notifications as phishing attempts due to inadequate email authentication methods like SPF and DKIM. This confusion prompted users to seek verification through forums or contact Microsoft directly.

    The incident underscores challenges in effectively communicating critical cybersecurity issues to potentially affected customers, especially when trust in email communications is compromised.

    Recent Articles

    Related Stories