Microsoft has disclosed that unauthorized individuals gained access to their systems and obtained emails from both their staff and customers. This announcement comes about six months after Microsoft first revealed the breach.
In January, Microsoft announced that a hacking group called Midnight Blizzard had managed to gain unauthorized access to a limited number of the company’s corporate email accounts. Four months later, it was revealed by Microsoft that these hackers were persistently trying to infiltrate their systems. This raised concerns among security industry peers and customers regarding the ongoing vulnerability of Microsoft’s systems.
“This week, we are reaching out to customers who had interactions with Microsoft corporate email accounts that were compromised by the Midnight Blizzard threat actor,” said a spokesperson from Microsoft in an email statement. According to a report from Bloomberg earlier today, the news was initially disclosed.
Microsoft has confirmed that it is also offering the compromised emails to impacted customers. However, the tech giant has not provided details regarding the number of customers affected or the amount of emails that were compromised. “This provides additional information for customers who have already received notifications and also includes new updates,” the spokesperson stated. “We will continue to provide updates to our customers as we conduct our investigation.”
The Russian government has not yet provided a response to these hacking allegations. Microsoft has revealed that cybersecurity researchers investigating the activities of a Russian hacking group were targeted by hackers.
The revelation underscores the wide-ranging scope of the breach, as Microsoft grapples with growing regulatory scrutiny regarding the security of its software and systems in the face of foreign threats. Last year, an alleged Chinese hacking group carried out a separate breach that led to the theft of thousands of U.S. government emails.