Establishing Digital Trust: Don't Sacrifice Security for Convenience
The same hackers hit the Twitter, Facebook and WordPress accounts for Skype on January 1, 2014 -- in the recent attacks, they posted the same message they'd posted on January 1: "Don't use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments."
Soon after, the hackers tweeted a screenshot of an internal email sent by Microsoft's Steve Clayton that stated, "Sure you know but @Xbox and @MSFTNews twitter handles just got hacked - same as Skype last week. We were in the process of changing all passwords on @MSFTNews as it happened. Working with the teams now to address as it seems bitly is the backdoor that has been found."
E Hacking News reports that a member of the hacker group has confirmed that the accounts were compromised via a malicious e-mail sent to Microsoft employees.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
As Graham Cluley notes, Microsoft Security had tweeted advice on how to avoid phishing attacks just 10 days ago -- clearly, the people who run the @XboxSupport and @MSFTnews accounts weren't paying attention.