Microsoft Faces Backlash Over Confusing Breach Notification Emails
Microsoft has faced significant criticism for sending email notifications about a data breach that may have affected customer information. Recipients perceived these alerts as resembling spam or phishing attempts. Cybersecurity expert Kevin Beaumont, a former Microsoft employee, noted that the company deviated from its standard breach notification protocols after an incident linked to Russian actors. Instead of posting alerts in the Microsoft 365 portal, the notifications were sent to tenant administrators, raising concerns about their legitimacy. The inclusion of a "secure link" directing users to an unfamiliar domain further fueled suspicions, with many believing it resembled a phishing attack. Customers took to Microsoft's support portal to seek confirmation regarding the authenticity of the emails, highlighting confusion and distrust in the company’s communication. This incident underscores the importance of clear and secure notification processes in maintaining customer trust dur
Microsoft Faces Backlash Over Confusing Breach Notification Emails
Microsoft has come under fire for recent email alerts sent to customers regarding a data breach that may have compromised their personal information. Critics have described these notifications as resembling spam or phishing attempts. Cybersecurity expert Kevin Beaumont, a former Microsoft employee, highlighted on LinkedIn that the company failed to follow its established customer data breach notification protocols after a breach attributed to Russian actors. Beaumont pointed out that the alerts were sent to tenant administrators instead of being documented in the Microsoft 365 portal.
A major concern arose due to a "secure link" embedded in the email that directed users to an unfamiliar domain, purviewcustomer.powerappsportals.com. Many recipients expressed alarm, suspecting it to be a phishing scam, as evidenced by the high number of submissions to URL scanning service urlscan.io for validation. Microsoft’s support portal has seen numerous inquiries from customers seeking confirmation of the emails' legitimacy, raising further doubts about the company's communication strategy in addressing data security incidents.
Click Here to Visit
What's Your Reaction?
