Microsoft Data Breach?

[taylor20]

I can't find any reference to this @ either https://sec.hpi.de/ilc/search or https://haveibeenpwned.com/ but two of my email addresses that I use for Microsoft accounts one is "azure...@...co.uk" the other "windowslive...@...co.uk" have started receiving spam.

It's not hacker type threats but the more benign "10% net return on studio apartments for students where demand outstrips supply" type stuff that the spam filter picks up straight away.

Anyone else's account been hacked?

Is there a site for reporting this type of thing, I'd imagine something a bit like https://downdetector.com for hacking would be quite useful.

[swill453]

Receiving spam is not related to being hacked. The former involves knowing (or guessing) your email address, which is semi-public information. The latter involves someone actually getting into your account, which is both much more worrying and much less likely.

From what you've said you haven't been hacked.

Scott.

[UncleEbenezer]

That's about receiving spam to particular addresses. I think the premise is that it would be a heck of a coincidence for the two Microsoft-held addresses to have *randomly* reached a spammer's list at the same time, so the inference is that Microsoft has leaked in bulk. Which could be either a data breach or a deliberate sale in violation of data protection.

In theory the Information Commissioner's Office would be a place to report to. Unfortunately their submission process is a one-size-fits-nothing-meaningful form, which precludes you telling them what you've told us.

[stewamax]

If OP has sent an email using both addresses to a third party or sent a bulk email to a group of addressees using Cc: or To: instead of Bcc:, then if an addressee has in turn had their PC hacked, the hacker has OP's email addresses.
How come both addresses? I send an email from my personal address, e.g. windowslive...@, mentioning that I offer a service, and that more information about that service can be obtained by emailing the azure...@ address. Fairly typical of normal commercial (as opposed to malicious) spam - the latter more often use nasty .php (or whatever) links or malicious (.docx; .pdf; ...) attachments instead of email addresses.
Not suggesting OP is a spammer; innocent emails and commercial spam can be indistinguishable.

[UncleEbenezer]

If OP has sent an email using both addresses to a third party

The point about addresses like those are that they're used only for the one correspondent, so neither of them ever get sent to a third party. It makes it easy to delete any address that starts to collect spam. I would certainly use that form of address if I ever subscribe to Microsoft services (well, it might be "microsoft@" for both, but that's splitting hairs).

If one address leaks, you delete it (complain & replace if necessary) and move on. If both leak simultaneously, you might just ask a DAK.

[Slarti]

Well it certainly looks as if there has been a major breach at Microsoft https://www.theverge.com/2019/4/13/1830 ... h-security

Slarti

[taylor20]

The point about addresses like those are that they're used only for the one correspondent, so neither of them ever get sent to a third party.

Exactly, these particular addresses are used as 'login names' and 'correspondence address' for the respective services provided by Microsoft, I would never use them for sending email.

I also have a couple of other addresses for logging into my windows 10 laptop and for Microsoft developer network that have not yet been sent any spam.

None of these addresses are anything to do with 'Outlook.com' email service, also explaining why they are not flagged by using the 3rd party searches linked above.


My question was to try and ascertain whether this was a general breach at Microsoft (a pain, but containable) or an indication that some aspect of my sprawling online and private data has been hacked exposing more than just a couple of throw away email addresses (maybe I did keep those details in a spread sheet somewhere prior to using a password key safe? or maybe my password safe has been hacked? etc.).

[Infrasonic]

My question was to try and ascertain whether this was a general breach at Microsoft (a pain, but containable) or an indication that some aspect of my sprawling online and private data has been hacked exposing more than just a couple of throw away email addresses (maybe I did keep those details in a spread sheet somewhere prior to using a password key safe? or maybe my password safe has been hacked? etc.).

There's been quite a few detailed threads here on this board in the past few weeks going over all the various spam/phishing issues that are currently floating around in cyberspace.

My main Outlook.com account gets quite a bit of spam and does appear on the have I been pwned site, more than once. (You can set up alerts there for all your addresses if you want, I have).
It's a very old address though, 1998 vintage.
With this latest breach I'll probably change my password details for the account just to be on the safe side, even though I'm pretty confident there has been no breach there.

I've started moving all my sensitive email, from my banks et al, over to my encrypted Protonmail account, which is a random number so can't be associated with my real world ID.
https://protonmail.com/