Microsoft’s Email Notification About Russian Hackers Lands in Spam Folder
Microsoft’s attempt to inform customers of Russian hackers going through their emails resulted in delivery into a spam folder, causing confusion and concern among affected users. The Russian nation-state hacker group Midnight Blizzard successfully breached Microsoft’s defenses last year, gaining access to the emails of numerous customers. In late June, Microsoft revealed that more organizations were impacted by the breach than initially thought.
However, the company’s efforts to notify affected users may have missed the mark. Cybersecurity researcher Kevin Beaumont pointed out that Microsoft chose to inform victims via email, which could have ended up in spam folders or been mistaken for phishing attempts. The breach notification emails reportedly lacked basic email authentication methods, further complicating the situation.
Many organizations reportedly disregarded the emails or marked them as spam, prompting users to seek confirmation from Microsoft account managers or online forums. This lack of trust in the communication method raised concerns about how Microsoft handled such a critical issue.
Microsoft confirmed in January that Midnight Blizzard was behind the breach, with the same group responsible for the notorious SolarWinds hack in 2020. Despite the company’s efforts to address the breach and inform affected users, the delivery issues highlight the challenges of communicating sensitive information in the digital age.