Hackers Looted Users’ Cryptocurrency Funds after Breaching into their Microsoft Outlook Accounts

Recently, hackers breached Microsoft Outlook by abusing a Microsoft customer support portal that enabled them to read the emails of any non-corporate account. It appears that the same hackers have used the data to access the users’ crypto exchange account and steal their cryptocurrency funds.

After the breach, a number of victims have reported that hackers stole their cryptocurrency funds. According to Motherboard, the hackers were able to gain the Microsoft customer support employee’s accounts that help them to break into non-corporate email accounts, including in Outlook, Hotmail and MSN. Microsoft has also confirmed the cyber-attack to TechCrunch.

Since the attack occurred, a plethora of users stepped up publicly to report hackers stole their cryptocurrency. Not surprisingly, emptying peoples’ cryptocurrency accounts was one of the main motives behind this cyber-attack, Motherboard concluded.

Jevon Ritmeester, a Microsoft user, told Motherboard in an email that “The hackers also had access to my inbox allowing them to password reset my Kraken.com account and withdrawal [sic] my Bitcoin.” He also provided Motherboard with ‘the breach notification emails’ he received from Microsoft.

Ritmeester wrote on the technology forum Tweakers that he wasn’t able to gain access to his account on the crypto exchange Kraken, as his password no longer worked. After searching in Outlook, he found several ‘change credential’ notifications which were moved to the trash. He further found that the hackers used ‘an email forwarding rule’ that enabled Outlook to automatically shift any email mentioning the term ‘Kraken’ to the trash and forward that message to a different Gmail address which was controlled by the hackers. At last, he said that ‘his Kraken cryptocurrency exchange account had been hacked and that he lost around 1 bitcoin (worth about $5,260) as a result.’

Ritmeester wasn’t the only victim who lost his crypto holding. Another victim going by the username “Keats852,” said “My account was hacked as a direct result of this.” On Reddit, he reported that he’d lost “25,000 in crypto” due to the same email breach.

“Same exact for me only a lot less funds stolen, sucks,” another Reddit user, mickey_ficke, also expressed his frustration. Neither Reddit user responded to a request for comment, said Motherboard.

A Microsoft spokesperson told Motherboard in an email on Monday:

“Customers who believe they have been impacted beyond what was outlined in the company’s notification should contact the Microsoft support team for assistance.”

Talking about how Microsoft is trying to cover up the issue, Ritmeester said:

“I feel Microsoft is trying to cover up and is not taking this seriously. I am planning to at least file a police report and thinking about holding Microsoft liable for the financial damage and the fact that a lot of my personal information may get leaked in the near future.”

This isn’t the first entanglement of Microsoft with crypto hackers. Previously, it was found that eight cryptojacking apps were detected in the tech giant’s app story.

Sharing Is Caring: