Microsoft Email Hacked, Instagram Nasty List Phishing Scam, Facebook Third-Party Data Deals


This is your Shared Security Weekly Blaze for April 22nd 2019 with your host, Tom Eston. In this week’s episode: Microsoft email services hacked, the Instagram “Nasty List” phishing scam, and Facebook’s attempted deals to sell your data.

Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer.

Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.

Microsoft was in the hot seat this past week with the announcement that email services on Outlook.com, MSN, and Hotmail were breached from January to late March this year. This breach was due to the compromise of a support agent’s privileged credentials, most likely due to a targeted social engineering attack. The attackers apparently had access to email addresses, subject lines, names of people within conversations, and custom folder names. Accounts affected were only free consumer accounts and not accounts that businesses pay for. According to Motherboard, who broke the story, Microsoft has confirmed the breach and has sent breach notification emails to customers that have been affected but didn’t say how many users were impacted by the breach. Other details show that the source, who was used for the Motherboard story, noted that the attacker appeared to have used this access for what are called “iCloud unlocks”. This is where attackers will compromise a victim’s email or iCloud account to remove Apple’s ‘Activation Lock’ from a stolen iPhone. This security feature was implemented to prevent thieves from resetting stolen iPhones and selling them.

My take is that this is one of those attacks that, as users, is very hard, if not impossible to prevent. Even if you secure your account with multi-factor authentication, you’re still at the mercy of Microsoft and the administrators that may have their credentials compromised. In these cases, it comes down to how quickly a company can respond to a breach to limit impact to its customers.

Have you been receiving strange messages on Instagram from your followers about you being on something called the “Nasty List”? If so, the message is actually a massive phishing campaign that is being spread through hacked Instagram accounts. The message will say something like quote “OMG your actually on here, @TheNastyList_(some number), your number is 15! Its really messed up” end quote. Grammar Nazis, your first clue that this is a scam is the spelling of “your” which should be “you’re”. Unless, of course, your friends naturally have bad grammar. Now if you visit the profile you will see an interesting URL in the profile link which will, you guessed it, take you to a fake Instagram login page. If you happen to enter in your Instagram credentials, you’ll be hacked yourself and your account will then become another zombie also sending out the same message to your followers. For more details on this scam check out the link in our show notes for a great article from Bleeping Computer.

Hopefully, as a listener of this podcast, you didn’t fall for this scam but if you did change y


Published on 6 years, 8 months ago





