The recently reported Microsoft Outlook breach has taken a new turn as some users reported what they believe was the motive behind it: cryptocurrency theft.
According to Microsoft Outlook user Jevon Ritmeester, the hackers were able to access his inbox and obtain information about his account at Kraken, a cryptocurrency exchange, which enabled them to withdraw his Bitcoins:
“The hackers also had access to my inbox allowing them to password reset my Kraken.com account and withdrawal [sic] my Bitcoin,” Jevon Ritmeester, a Microsoft user that the company alerted to the data breach, told Motherboard in an email, referring to popular cryptocurrency exchange Kraken.
The user further explained that the hackers set up an email forwarding rule that matches any email mentioning Kraken and automatically forwards it to a Gmail account. The user presumed that this Gmail account is owned by the hackers. These emails include password reset and Bitcoin withdrawal requests. The user later found out, upon checking his Outlook account’s trash folder, that such requests were indeed executed by the hackers.
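A mailbox audit for the kind of rule described above (keyword match plus forwarding to an outside address), as an added example that is not part of the original article. Field names follow the Microsoft Graph `messageRule` shape; the watch list, the rules and every address are constructed sample data.

```python
# Added example; field names follow the Microsoft Graph messageRule shape.
# The keyword list, rules and addresses below are constructed sample data.
SENSITIVE = ("kraken", "password", "reset", "withdraw")  # assumed watch list

def forward_targets(actions):
    """Every address the rule forwards or redirects mail to, lowercased."""
    out = []
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        for rcpt in actions.get(key) or []:
            addr = (rcpt.get("emailAddress") or {}).get("address", "")
            if addr:
                out.append(addr.lower())
    return out

def match_terms(conditions):
    keys = ("subjectContains", "bodyContains", "bodyOrSubjectContains", "senderContains")
    return [t.lower() for k in keys for t in conditions.get(k) or []]

def audit_rules(rules, own_domains):
    """Return a finding for each enabled rule that sends mail outside own_domains."""
    findings = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue
        actions = rule.get("actions") or {}
        external = [a for a in forward_targets(actions)
                    if a.rsplit("@", 1)[-1] not in own_domains]
        if not external:
            continue
        hits = [t for t in match_terms(rule.get("conditions") or {})
                if any(s in t for s in SENSITIVE)]
        findings.append({
            "rule": rule.get("displayName", "<unnamed>"),
            "external": external,
            "terms": hits,
            "hides_mail": bool(actions.get("delete") or actions.get("moveToFolder")),
            "severity": "high" if hits else "review",
        })
    return findings

def _to(addr): return [{"emailAddress": {"address": addr}}]
SAMPLE_RULES = [  # constructed
    {"displayName": "x", "isEnabled": True, "conditions": {"bodyOrSubjectContains": ["Kraken"]}, "actions": {"forwardTo": _to("collector@mail.example"), "delete": True}},
    {"displayName": "News", "isEnabled": True, "conditions": {"senderContains": ["newsletter"]}, "actions": {"moveToFolder": "folder-id"}},
    {"displayName": "Own alias", "isEnabled": True, "conditions": {}, "actions": {"forwardTo": _to("me@outlook.example")}},
    {"displayName": "Old", "isEnabled": False, "conditions": {}, "actions": {"forwardTo": _to("old@mail.example")}},
    {"displayName": "Copy all", "isEnabled": True, "conditions": {}, "actions": {"redirectTo": _to("backup@other.example")}},
]
if __name__ == "__main__": print(audit_rules(SAMPLE_RULES, {"outlook.example"}))
```

A finding with `hides_mail` set means the rule also deletes or moves the matched message, so the mailbox owner is unlikely to see it in the inbox.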
The same experience was reported by Reddit user shinratechlabs, who said that they had lost 25,000 worth of cryptocurrencies due to the Outlook email breach. Another Reddit user, mickey_fickle, said that some funds were also stolen from him due to the email breach.
Luckily for the said Outlook user, his Kraken account has no two-factor authentication. This prevented the hackers from taking control of his account and withdrawing his Bitcoins. It could have also allowed the hackers to control his phone number to intercept the two-factor authentication token and further give the hackers access to his Kraken account.
For its part, Microsoft issued a statement saying that the breach only affected metadata and customer information included in the email subject lines.
Disappointed with the lack of ample action from Microsoft, which seemed to be taking the matter lightly, the user said that he intends to file a police report and is contemplating making Microsoft liable for the financial and personal information damages that the Outlook breach has caused him.
Ritmeester believes that Microsoft is taking the matter too lightly and would not admit the gravity of the damage that the breach may have caused to Outlook users, especially since user inboxes contain valuable and sensitive information, including cryptocurrency accounts.