By

Microsoft has notified customers that Russian hacking group Midnight Blizzard accessed some of their emails during a data breach on the company's internal systems in late 2023.

The hacking incident was first made public in January. Microsoft initially said that only its internal communications were accessed. The company noted that Midnight Blizzard only gained access to a minimal "percentage" of the company's corporate email accounts.

But on Thursday, the tech giant announced that hackers stole customer emails as it further disclosed the scope of the breach. Microsoft is currently facing growing regulatory scrutiny over the security of its software and systems against foreign threats. 

Microsoft noted that the hackers targeted cybersecurity experts investigating the Russian hacking group's activities. However, the Russian government has never replied to the accusations of hacking.

Microsoft was sharing the compromised emails with its customers and making them aware of the breach by sending emails this week. However, it did not specify the number of clients affected or the potential number of stolen emails.

Microsoft to Lay Off More Than a Thousand Employees at Azure Cloud Unit
(Photo : EVA HAMBACH/AFP via Getty Images) Microsoft will reportedly lay off around 1,500 employees under its Azure cloud unit.

Other Updates That Microsoft Made

Microsoft's update about the January breach follows a string of worrying updates by the company that only seemed to worsen the initially perceived impact. In March, Microsoft noted that it has yet to contain or evict the state-sponsored hackers responsible for the data breach.

After learning that the hackers were still attempting to gain access four months after the November breach, many of its customers and colleagues in the security field became worried. They questioned why Microsoft's systems were still susceptible to attack.

Read Also: Email Bug in Outlook Uncovered, Enabling Microsoft Employee Impersonation 

Past Data Breach Affecting Microsoft

A group of hackers, purportedly from China, also broke into Microsoft's system last summer and took thousands of emails belonging to the US government.

The US Cyber Safety Review Board found that Microsoft's "inadequate" security culture and "cascade of security failures" were to be blamed for the data breach.

Given how crucial Microsoft is to the technology ecosystem and how much its customers depend on it to protect their data and business operations, the Board concluded that the company needed to modify its security culture because it was inadequate and did not meet consumer expectations. 

A Microsoft representative previously said that the firm "fully cooperated with the Board's review" and was grateful for the CSRB's examination on the impact of nation-state threat actors with significant financial resources and functioning continuously without any effective deterrents.

A Microsoft spokesperson further noted that recent events have demonstrated the need for their networks to adopt the new engineering culture for security articulated in their Secure Future Initiative. The company said it has already strengthened its systems and added more sensors and logs to detect and repel the cyber intruders.

Related Article: Russia Disinformation Campaign: Fake Tom Cruise, Paris Olympics Movie Made Using AI 

Written by Aldohn Domingo

(Photo : Tech Times)

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Microsoft Microsoft Russian Data Breach Microsoft Data Breach Microsoft Cyberattack Cybersecurity Cyberattack Cyber Attack Cybercrime Data Breach Data Breaches
Join the Discussion