Microsoft has disclosed that Russian hackers, who had previously infiltrated staff inboxes, also accessed emails from customers. This revelation comes six months after the initial exposure of the attack, highlighting the extensive impact of the breach as Microsoft faces increasing scrutiny over the security of its software and systems against foreign threats.
An allegedly Chinese hacking group had separately breached Microsoft last year, stealing thousands of U.S. government emails. While the Russian government has not responded to the hacking allegations, Microsoft stated that the hackers targeted cybersecurity researchers investigating the actions of the Russian hacking group.
A Microsoft spokesperson, in an emailed statement, said, “This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” Bloomberg first reported on the action earlier in the day.
Microsoft mentioned that it is sharing the compromised emails with its customers but did not specify the number of customers affected or the quantity of emails stolen. “This is increased detail for customers who have already been notified and also includes new notifications,” the spokesperson added. “We’re committed to sharing information with our customers as our investigation continues.”
In January, Microsoft, the world’s largest software vendor, had stated that Midnight Blizzard had accessed “a very small percentage” of the company’s corporate email accounts. However, four months later, it reported that these hackers were still attempting to breach its systems, causing alarm among its security industry peers and customers, who questioned the continued vulnerability of Microsoft’s systems.