Several cryptocurrency holders reported to Motherboard about the about hacker attack on theeir Microsoft Outlook service mailboxes.
According to the publication, the attackers gained access to users' emails using the support service employee account login data. This supposedly allowed them to view the contents of any unincorporated Outlook, Hotmail and MSN accounts.
The hackers also had access to my inbox allowing them to password reset my Kraken.com account and withdrawal my Bitcoin.
According to Jevon, after hacking, the attackers didn't show themselfs, but they set up the mailbox to forward messages with "Kraken" world to their address, including requests for changing the password.
Ritmeester discovered that the attack, only when he decided to check the folder with the deleted letters. In this case, the user has lost one Bitcoin, however, there is evidence that there are other victims.
“My account was hacked as a direct result of this,” Reddit user shinratechlabs wrote earlier this month, adding that he lost “25,000 in crypto".
“Same exact for me only a lot less funds stolen, sucks,” another Reddit user, mickey_ficke, added.
Ritmeester explained that he did not use two-factor authentication, which could protect his account in this case.
Customers who believe they have been impacted beyond what was outlined in the company’s notification should contact the Microsoft support team for assistance.
Previously, Microsoft stated that the vulnerability affects only the mailbox details.
I feel Microsoft is trying to cover up and is not taking this seriously. I think Microsoft talks about this way to lightly [sic] about this leak and I think there are a lot of users who have suffered damage in one way or another as there is a lot of sensitive information in an inbox.I am planning to at least file a police report and thinking about holding Microsoft liable for the financial damage and the fact that a lot of my personal information may get leaked in the near future.
In March, Kraken announced that it would implement two-factor authentication as a must option for all its users.