Early last month (April, 2019), users of Microsoft’s Outlook email were the unfortunate targets of a cyberattack that enabled hackers to access victims’ emails and metadata. But that’s not all the hackers stole… According to the testimonies of several victims, the hackers also reportedly stole from their cryptocurrency accounts, possibly revealing the true motive of the attack.
By accessing a Microsoft customer support emplopyee’s login details the cyber-crimonals breached the company’s email system, according to Motherboard. The attackers were then able to steal the contents of non-corporate Outlook, MSN, and Hotmail accounts. However, it transpires that the hackers did not finnish their attack there. Motherboard reported that the hackers responsible for the breach also helped themselves to the cryptocurrency accounts of a number of victims.
Outlook Hackers stole my Bitcoin
Jevon Ritmeester, a Microsoft user who was notified about the breach, told Motherboard: “The hackers also had access to my inbox allowing them to password reset my Kraken.com account and withdrawal [sic] my Bitcoin,” Kraken is a popular cryptocurrency exchange where users can buy and sell Bitcoin. The hackers reportedly made sure that any email containing the work “Kraken” would be automatically forwarded to an email address controlled by them. This meant that emails concerning the victim’s Kraken account’s password requests, or Bitcoin withdrawal requests, were automatically redirected to the attackers.
According to Motherboard, the hackers stole 1 Bitcoin, worth around $5,000 from Ritmeester. “I think Microsoft talks about this way to lightly [sic] about this leak and I think there are a lot of users who have suffered damage in one way or another as there is a lot of sensitive information in an inbox.” Ritmeester told Motherboard:
I am planning to at least file a police report and thinking about holding Microsoft liable for the financial damage and the fact that a lot of my personal information may get leaked in the near future.
It is not yet clear whether Microsoft is aware that the attackers stole victims’ funds. It is also unknown how many victims’ funds were stolen. Anyone affected by the Microsoft email breach, who also has cryptocurrency accounts, are strongly advised to apply two factor authentication to their cryptocurrency accounts.
Sources and credits: IB Times,