Hackers hit Microsoft customer service system, make off with data

The same hackers behind the SolarWinds attack were able to place information-stealing software on a customer service rep's computer, the company says.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
2 min read
Privacy and security on the internet
James Martin/CNET

Microsoft said Friday that hackers breached a computer used by one of its customer service agents and stole account data they then used to launch "highly targeted" attacks on customers. The company identified the hacking group as Nobelium, the same one behind last year's major SolarWinds breach.

Microsoft has secured the computer, which the hackers infected with information-stealing software, and notified the "small number" of affected customers, it said in a Friday post on its Security Response Center site.

The company sent a warning to affected Microsoft Services subscribers, saying the hackers had access to information during the second half of May, Reuters reported late Friday. The pilfered data included billing contact information and what services the customers pay for, the news outlet said. Hackers can use such basic data in bogus emails and phone calls as part of phishing attacks that can help them gain access to more-sensitive information.

Microsoft warned the impacted customers to exercise caution regarding communications with billing contacts and suggested changing related passwords and usernames, Reuters reported. The company also urged customers to be sure to use multi-factor authentication to protect against hacks. Microsoft's investigation of the breach is ongoing, and it hasn't yet found that any customers were successfully compromised.

The tech giant said it discovered the breach while looking into new activity by the Nobelium group. It said just over half that activity was aimed at information-technology companies, followed by government agencies and then a small percentage of nongovernmental agencies, think tanks and financial services firms.

The SolarWinds hacking campaign made headlines in December 2020. It used tainted software from IT management company SolarWinds, along with other hacking methods, to breach thousands of organizations and tunnel deeper into at least nine federal agencies and 100 private companies, Microsoft among them.

Microsoft had no further comment on the customer service breach, apart from its blog post.

Read more: SolarWinds hackers: What you need to know