Tech giant Microsoft announced on Friday that a system used by one of its customer service agents had been compromised and that some account data was stolen as part of “highly-targeted” attacks on its customers.
Microsoft identified the hackers as Nobelium, the same group implicated in last year’s major SolarWinds data breach during the COVID-19 pandemic.
Microsoft also said it had secured the computer, which was infected with information-stealing software. It then notified the “small number” of affected customers, and posted the details on its Security Response Center site.
The affected Microsoft services subscribers were notified and warned about the information that was stolen from the system during the second half of May.
The stolen information includes billing contact information and which services the customers pay for, according to a late-night Reuters report.
It has been suggested that such information could be used in phishing attacks by email and phone to obtain even more sensitive information from unsuspecting internet users.
Microsoft warned the impacted customers to exercise caution regarding communications with billing contacts and suggested that changing related passwords and usernames might be a good idea, Reuters reported. The company also urged customers to be sure to use multi-factor authentication to protect against hacks. Microsoft’s investigation of the breach is ongoing, and it hasn’t yet found that any customers were successfully compromised.
Microsoft detected the breach while looking into new activity by the Nobelium group, and said just over half of that activity was aimed at information-technology companies, then government agencies, as well as smaller non-governmental bodies, think tanks and financial service providers.
The notorious Nobelium made headlines last year for the SolarWinds hack back in December 2021, in which it used software from IT management company SolarWinds to breach thousands of organizations, as well as nine federal agencies and 100 private companies, among them Microsoft. Microsoft has not commented further on the security breach beyond the blog post published online.