Hackers breached a computer used by one of its customer service agents and stole account data they then used to launch “highly-targeted” attacks on customers. The company identified the hacking group as Nobelium. Microsoft has secured the computer, which the hackers infected with information-stealing software, and notified the “small number” of affected customers.
The company sent a warning to affected Microsoft Services subscribers saying the hackers had access to information during the second half of May.The pilfered data included billing contact information and what services the customers pay. Hackers can use such basic data in bogus emails and phone calls as part of phishing attacks that can help them gain access to more-sensitive information.
Microsoft warned the impacted customers to exercise caution regarding communications with billing contacts and suggested that changing related passwords The company also urged customers to be sure to use multi-factor authentication to protect against hacks. The tech giant said it discovered the breach while looking into new activity by the Nobelium group.
The SolarWinds hacking campaign made headlines in December 2020. It used tainted software from IT management company SolarWinds, Microsoft one among them.