Microsoft account breach has left many users exposed to spam emails sent from what appears to be a legitimate Microsoft address. Within the first ten words, the scale and nature of the Microsoft account breach alarm security experts worldwide.

Microsoft account breach

Scammers have been abusing an internal Microsoft account to send deceptive emails. These rely on a loophole that allows criminals to look like they are Microsoft themselves. Consequently, people may trust these emails, risking their sensitive information.

It is unclear exactly how this Microsoft account breach happens, but experts suspect scammers set up Microsoft accounts as new customers. Through these means, they can send emails that look like official company alerts. Therefore, unsuspecting users could believe these messages are genuine, making them vulnerable to scams.

The original source from TechCrunch details how emails came from [email protected], which is usually trusted for two-factor codes. Scammers mimicked subject lines related to fraud alerts or private messages. Additionally, screenshots shared publicly show that the spam content is quite obvious when examined closely.

Furthermore, anti-spam nonprofit Spamhaus noticed the breach several months ago. Spamhaus stated that Microsoft’s automatic notification email address was consistently being abused. They urged Microsoft to address the loophole and pointed out that such systems should never permit this level of customization in email alerts.

When asked to comment, Microsoft acknowledged the inquiry but provided no further updates about the Microsoft account breach. This case is just the latest in a series of incidents where attackers have used internal systems to target unsuspecting users. Earlier this year, attackers exploited Betterment’s platform to send out fake crypto notifications. In 2023, hackers used Namecheap’s email access to send phishing messages as well.

Additionally, social media users report that other companies are facing similar problems. This indicates that the Microsoft account breach could be part of a broader issue affecting many organizations.

For more information, please visit the original source at TechCrunch.

Tags: Microsoft account breach, Microsoft email scam, internal account abuse, phishing attack Microsoft, email security breach, deceptive Microsoft emails, scam using Microsoft accounts, spam from Microsoft address