Microsoft’s breach notification emails end up in spam folder

Microsoft’s attempt to inform customers that Russian hackers had been going through their emails ended up in spam folders.

The Russian nation-state hacker group Midnight Blizzard penetrated Microsoft’s defenses last year, accessing the emails of a number of the company’s customers. In late June, Microsoft said that more organizations were impacted than previously thought.

However, the company’s attempts to inform users might not have reached their intended recipients. According to Kevin Beaumont, a cybersecurity researcher and former senior threat intelligence analyst at Microsoft, the company opted to inform affected victims via email.

“The notifications aren’t in the portal – they emailed tenant admins instead. The emails can go into spam, and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers,” Beaumont said on LinkedIn.

We reached out to Microsoft for comment but have yet to receive a reply.

Others joined in on Beaumont’s post, claiming that numerous organizations took Microsoft’s email as a phishing attempt and either deleted the email or marked it as spam. The breach notification emails supposedly lacked basic email authentication methods such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

“Well, at first glance, this did not inspire trust for the recipients, who started asking in forums or reaching out to Microsoft account managers to eventually confirm that the email was legitimate...weird way for a provider like this to communicate an important issue to potentially affected customers,” the Greece-based cybersecurity consultant said.

Microsoft confirmed in January that Midnight Blizzard was detected trying to infiltrate the tech giant’s corporate systems. The same hacker group was responsible for the infamous SolarWinds hack that wreaked havoc on US government installations in 2020.


Jen Holzem
13 days ago
My son has Microsoft and someone has been getting into my account and I would like something done about it
John Nowlin
13 days ago
I have been telling you this all year somebody's from Russia been trying to break into my account since January and y'all haven't done nothing about it