Security bug enables impersonation of Microsoft employee emails: All you need to know

HIGHLIGHTS

A researcher has found a bug that allows individuals to impersonate Microsoft corporate email accounts.

The bug only affects emails sent to Outlook accounts.

This bug raises serious concerns about the integrity of digital communications.

A researcher has discovered a bug that allows individuals to impersonate Microsoft corporate email accounts. The bug raises serious concerns about the integrity of digital communications and underscores the need for robust cybersecurity measures.

Because businesses and individuals alike rely heavily on email for communication and operations, such a flaw is dangerous: it could pave the way for phishing attacks and data breaches.

Let’s delve into the details.

To demonstrate the vulnerability, the researcher sent an email to TechCrunch that appeared to be from Microsoft’s account security team.

Last week, Vsevolod Kokorin, known online as Slonser, revealed on X (formerly Twitter) that he had discovered a bug related to email spoofing. He reported the issue to Microsoft, but the company dismissed his findings, claiming they couldn’t replicate the problem. In response, Kokorin decided to disclose the bug publicly on X, though he did not provide any technical details that could potentially be used to exploit it.

“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin said. “Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.”

According to Kokorin, the bug he discovered only affects emails sent to Outlook accounts. This encompasses a significant user base of at least 400 million users worldwide, as per Microsoft’s latest earnings report.

“I did not expect my post to get such a reaction. Honestly, I just wanted to share my frustration because this situation made me sad,” Kokorin said. “Many people misunderstood me and think that I want money or something like that. In reality, I just want companies not to ignore researchers and to be more friendly when you try to help them.”

It remains unclear whether anyone besides Kokorin has identified the bug or if it has been exploited maliciously.

Ayushi Jain

Tech news writer by day, BGMI player by night. Combining my passion for tech and gaming to bring you the latest in both worlds.