Microsoft admits they were hacked. Explains how it worked and what happened. No big deal. companies get hacked. That's life.

Indirectly admits that all of their customer support agents have access to your inbox.

Cool. Deleting my Outlook email. Thanks guys.

I got called by a lovely man with a thick Indian accent from Microsoft the other day, he connected to my dextop and now the hackers and wirusses are tone!

In a seriousness though, that is kinda terrifying. My school recently switched from Gmail to Outlook, fuck me I suppose.

I understand that operations or even some developers have access to production data, but why support o.O

I know a few companies that require you to flip a switch to allow someone into your account

@alexbrooklyn do not think gmail is any better. They can also read your email according to the terms.

@Codex404 Alright, let's use my own server on a vps then, it sucks that we have to use it at school

@alexbrooklyn so corporate or school accounts don't apply. Apparently they can't read those. Believe that at your own discretion.

@Codex404 I bet they can. Not even doubting that. I'm just baffled that Microsoft thought "they compromised a support agents account which gave them access to read your emails" was even remotely exceptable to say! Like I'm supposed to be like "oh okay makes sense. That's not indictive of a larger issue"

@alexbrooklyn would it have bothered you less if the person calling you had a nice Western accent rather than a "thick" Indian accent?
Just asking

@rkzo I was referring to those tech support scammers that almost always call from India and pretend that something is wrong with your pc, he was calling from Windows support while I was using Linux

As far as I know, they just said that a compromised employee account was used to gain access to the system.
They might've needed to do some other privilege escalations and what not to gain access to the e-mails.

@gathurian could be. From how the arstechnical article read (and I skimmed and I didn't read other articles. As always, do your own research kids), it sounds like Microsoft asserted "they were able to read subject lines because they compromised a support tech. And support techs can see all the subject lines of your email. So yeah."

To which the hackers responded "we can see a lot more than that. Maybe we got a high up support supervisor, but we can read full message bodies!"

Either way.... Really not a good statement from Microsoft. I think we all know that email isn't secure. But they aren't even gonna try to pretend it is. Worse than that, they practically said "your emails are stored plaintext. We probably all knew that. But did you know we let low level support techs read your emails?!"

@alexbrooklyn mailcow! Its built on docker.. But just throw it into a VM and you're good to go!