After six months, Microsoft said Thursday that Russian hackers who got into its systems and spied on worker inboxes earlier this year took consumer emails
The breach’s scope is emphasized by the disclosure, which comes as Microsoft is subjected to heightened regulatory surveillance regarding the security of its software and systems in the face of foreign threats.
An alleged Chinese hacking group that separately breached Microsoft last year seized thousands of U.S. government emails.
Microsoft has stated that the hackers targeted cybersecurity researchers investigating the Russian hacking group’s actions. Still, the Russian government has never responded to the allegations of its involvement in the Microsoft hacking.
“This week, we are extending notifications to customers who communicated with Microsoft corporate email accounts that the Midnight Blizzard threat actor exfiltrated,” stated a Microsoft spokesperson in an email. The action was initially reported on by Bloomberg earlier in the day.
Microsoft stated that it was also disclosing the compromised emails to its customers. However, it did not specify the number of customers affected or the potential number of stolen emails.
“This is increased detail for customers who have already been notified and also includes new notifications,” according to the spokesperson.
“We’re committed to sharing information with our customers as our investigation continues.”
Midnight Blizzard had accessed “a tiny percentage” of the world’s largest software vendor’s corporate email accounts, the company had stated in January.
Many of its security industry colleagues and customers were alarmed to learn that the hackers were still attempting to break in four months later, and they questioned why Microsoft’s systems remained vulnerable.
Microsoft President Brad Smith stated that the company was revising its security protocols in response to last year’s Chinese compromise and the intrusions above during a Congressional hearing earlier this month.
