Microsoft Outlook email users were targeted by a cyberattack earlier in April. The attack saw hackers access victims' email content and metadata. According to the testimony of multiple victims now, the hackers also reportedly stole from their cryptocurrency accounts, likely indicating the true motive of the attack.
The hackers were able to breach Microsoft's email system by gaining access to a Microsoft customer support staffer's login credentials, Motherboard reported. This allowed the attackers to steal the contents of non-corporate Outlook, MSN, and Hotmail accounts. However, it appears that the attack did not conclude with the hackers accessing victims' email contents. Motherboard reported that the hackers behind the breach also emptied out the cryptocurrency accounts of several victims.
"The hackers also had access to my inbox allowing them to password reset my Kraken.com account and withdrawal [sic] my Bitcoin," Jevon Ritmeester, a Microsoft user, who was notified about the breach by the tech giant, told Motherboard.
Kraken is a popular cryptocurrency exchange. The hackers reportedly managed to ensure that any email that contained the work Kraken was automatically forwarded to an email address controlled by them. In other words, emails regarding the victim's Kraken account's password requests or Bitcoin withdrawal requests were automatically redirected to the attackers. According to Motherboard, the hackers stole 1 Bitcoin, worth around $5,000 from Ritmeester.
"I think Microsoft talks about this way to lightly [sic] about this leak and I think there are a lot of users who have suffered damage in one way or another as there is a lot of sensitive information in an inbox." Ritmeester told Motherboard. "I am planning to at least file a police report and thinking about holding Microsoft liable for the financial damage and the fact that a lot of my personal information may get leaked in the near future."
It is unclear whether Microsoft is aware of the attackers having stolen victims' funds. It is also unclear as to how many victims' funds were stolen. Those affected by the Microsoft email breach who also have cryptocurrency accounts should consider incorporating two factor authentication to their cryptocurrency accounts.
This article originally appeared in IBTimes US.