Hacking email accounts doesn't have Watch The Heirs Onlineto be a sophisticated affair.
We are reminded once again of this fact thanks to a report released Friday by the Microsoft Threat Intelligence Center detailing how a group of hackers targeted the email accounts of journalists, government officials, and the campaign of a U.S. presidential candidate. And here's the thing, the bad actors didn't use some fancy 1337computer skills, but rather employed the oldest trick in the book: the password reset.
According to Microsoft, over a 30-day period in August and September of this year, hackers likely affiliated with the Iranian government went after 241 email accounts and successfully compromised four. The MTIC dubbed the group Phosphorous, and explained how the team operated.
"Phosphorous used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts," reads the blog post. "For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account."
Importantly, MTIC writes that the four compromised accounts were not tied to the U.S. presidential campaign. But, still, this isn't good.
Password-reset features come in many forms, from questions about where you went to high school or your mother's maiden name to sending a link or code to a secondary email address or phone number. The former opens victims up to attack by anyone who knows how Google works, while the latter makes your primary email only as secure as your linked secondary email or cell phone.
A prominent abuse of this feature came in 2008, when a 20-year-old college student accessed Sarah Palin's Yahoo email account. He used information like Palin's ZIP code and birthday to reset her account password and gain access to the email account.
"While the attacks we’re disclosing today were not technically sophisticated," explain MTIC, "they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks."
SEE ALSO: How to find stalkerware on your smartphoneThis warning from Microsoft should serve as a reminder to everyone online that a password alone isn't enough to protect your email — especially if someone is motivated to hack the account. Instead, use multi-factor authentication and for the love of god create a unique password.
Oh, and consider ditching those password-reset questions altogether.
Topics Cybersecurity
TikTok wants me to host a dinner party. Is that an actual recession indicator?
Meta Quest 3S (256GB) deal: Score a free $30 Best Buy gift card
OpenAI's Sora review: Marques Brownlee breaks down the AI video model
7 wild Sora videos blowing up social media after its launch
How to Secure Your Android Phone and Get the Most Out of Smart Lock
Best TV deal: Save over $400 on LG 55
Best speaker deal: Save $70 on Bose SoundLink Micro Bluetooth
OpenAI Sora release: It's officially here
Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch
'Nightbitch' does more than explore motherhood. It celebrates body hair.
TikTok ban looms in U.S. Here's the latest.
Why is the internet thirsty for the UnitedHealthcare CEO shooting suspect?
Best Bose QuietComfort Ultra deal: Save $80 at Best Buy
NYT mini crossword answers for December 10
The fat bears are already extremely fat
Best TV deal: Over $800 off TCL 55
Apple's iOS 18.2 is here, with a ton of Apple Intelligence features
Astronomers wonder if galaxies are falling into this giant black hole
'Black Mirror' Season 7: 'Hotel Reverie,' explained
Apple Watch Ultra 3 might get this life
What Midcentury Women Artists Had to Put Up WithIn Which Alberto Giacometti Scopes Out Some French CarsOn the “Mrs Thrale” Bit in “Meditations in an Emergency”Gift Idea: Victorian Christmas Cards with Dead BirdsAnthony Madrid on Jonathan SwiftNo Work Today: Paintings by ParraLeonard Baskin’s Etchings for “Titus Andronicus”Poem: “The Mutes,” by Denise LevertovThe Changing Meaning of “SelfGotham Lullaby: Meredith Monk at the Sawdust TheatreFrom the Archive: Werner Herzog’s Jungle JournalsFrank Kimbrough, Paul Bley, and the “Quiet Fire” of Jazz PianoConsciousness, Dark Matter, and Other Things We Don’t “Get”What We’re Reading This WeekIn Tucson, Talking to Raul About Life Under TrumpWhen James Wright Cheered Up a Lonely Poet (With Bananas)Leonard Baskin’s Etchings for “Titus Andronicus”Poem: “The Mutes,” by Denise LevertovWhen Poets Packed Stadiums and Literature Was Money“The Reckless Moment” Invites Noirish Paranoia into the House Night Shift is now available on your Mac so you can finally get some damn sleep This company claims it will make you a watch using your cat's hair Why most self Can Fisker Ocean deliver on its vision of a cheap Tesla alternative? Report: Apple to unveil new, cheaper iPhone 'as early as March' Everyone should always have their read receipts turned on Amazon reportedly planning to introduce hand The internet is very confused by this shirt at the Trump Tower gift shop A British grocery chain is taunting the Beyhive about Ivy Park Sex is better with the lights on Everything coming to Amazon Prime Video in February 2020 Patrick Stewart is being compared to Kellyanne Conway and he couldn't be happier Everything coming to Hulu in February 2020 Joe Biden calls Zuckerberg 'a real problem' and wants to revoke Section 230 Teen's Disneyland promposal is sweeter than a pot of Pooh's honey Starbucks unveils new sustainability goals, including plans for more plant Samsung's upcoming Galaxy S20 line leaked in full detail Facial recognition company scraped billions of photos to help the cops Snake on a plane hitches a ride to New Zealand, which has no snakes Drive me to the moon in one of these lunar cars
2.4023s , 8209.96875 kb
Copyright © 2025 Powered by 【Watch The Heirs Online】,Miracle Information Network