Hackers hit Microsoft customer service system, make off with data

The same hackers behind the SolarWinds attack were able to place information-stealing software on a customer service rep’s computer, the company says.

Edward Moyer

Microsoft said Friday that hackers breached a computer used by one of its customer service agents and stole account data they then used to launch “highly-targeted” attacks on customers. The company identified the hacking group as Nobelium, the same one behind last year’s major SolarWinds breach.

Microsoft has secured the computer, which the hackers infected with information-stealing software, and notified the “small number” of affected customers, it said in a Friday post on its Security Response Center site.

The company sent a warning to affected Microsoft Services subscribers saying the hackers had access to information during the second half of May, Reuters reported late Friday. The pilfered data included billing contact information and what services the customers pay for, the news outlet said. Hackers can use such basic data in bogus emails and phone calls as part of phishing attacks that can help them gain access to more-sensitive information.

Microsoft warned the impacted customers to exercise caution regarding communications with billing contacts and suggested that changing related passwords and usernames might be a good idea, Reuters reported. The company also urged customers to be sure to use multi-factor authentication to protect against hacks. Microsoft’s investigation of the breach is ongoing, and it hasn’t yet found that any customers were successfully compromised.

The tech giant said it discovered the breach while looking into new activity by the Nobelium group. It said just over half that activity was aimed at information-technology companies, followed by government agencies and then a small percentage of nongovernmental agencies, think tanks and financial services firms.

The SolarWinds hacking campaign made headlines in December 2020. It used tainted software from IT management company SolarWinds, along with other hacking methods, to breach thousands of organizations and tunnel deeper into at least nine federal agencies and 100 private companies, Microsoft among them.

Microsoft had no further comment on the customer service breach, apart from its blog post.