Microsoft warns hackers are exploiting password resets to gain access to user accounts - here's how to stay safe
- Microsoft researchers warn Storm‑2949 is abusing the Self‑Service Password Reset flow to hijack accounts
- Attackers trick victims into approving MFA prompts via phone calls, then reset passwords and exfiltrate sensitive data
- The campaign targets Microsoft 365 and Azure environments, with Microsoft urging tighter RBAC controls and monitoring of high‑risk operations
A hacking group known as Storm-2949 is abusing the password reset feature in Microsoft’s services to steal people's login credentials, access their accounts, and exfiltrate as much sensitive data as possible.
A new report published by the Microsoft Defender Security Research Team claims that at the heart of this campaign is the Self-Service Password Reset (SSPR) flow found in the Microsoft ecosystem.
Usually, when an employee forgets their password and clicks the “Forgot my password” button, Microsoft sends an MFA prompt to their registered secondary device. When the employee approves it, they are allowed to set a new password...
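The report's advice to monitor high-risk operations around resets can be turned into a simple correlation rule. The following is an added example written for this page, not code from Microsoft's report or from techradar: it flags a successful self-service reset that arrives from an IP address the account has never used before and is followed, within a short window, by a bulk download, mailbox-rule creation or role assignment by the same account. The JSON-lines format, the field names (ts, user, event, src_ip, count, result), the one-hour window and the 100-file threshold are all assumptions; real Entra ID and Microsoft 365 audit records use different schemas and would need to be mapped into this shape first. The sample log is constructed.

```python
"""Correlate self-service password resets with follow-on high-risk actions.

Added example, not code from the Microsoft report or the techradar article.
The JSON-lines format, field names and thresholds below are assumptions;
real Entra ID / Microsoft 365 audit records must be mapped into this shape.
"""
import json
from datetime import datetime, timedelta

# Constructed sample log. alice: reset from a never-before-seen IP followed by
# a bulk download (the pattern described for Storm-2949). bob: routine reset.
SAMPLE_LOG = """\
{"ts":"2024-05-01T08:00:00Z","user":"alice@example.com","event":"sign_in","src_ip":"203.0.113.10"}
{"ts":"2024-05-01T09:00:00Z","user":"alice@example.com","event":"mfa_challenge","src_ip":"198.51.100.7","result":"approved"}
{"ts":"2024-05-01T09:01:10Z","user":"alice@example.com","event":"sspr_reset","src_ip":"198.51.100.7","result":"success"}
{"ts":"2024-05-01T09:05:00Z","user":"alice@example.com","event":"file_download","src_ip":"198.51.100.7","count":340}
{"ts":"2024-05-01T09:40:00Z","user":"bob@example.com","event":"sign_in","src_ip":"203.0.113.22"}
{"ts":"2024-05-01T10:00:00Z","user":"bob@example.com","event":"mfa_challenge","src_ip":"203.0.113.22","result":"approved"}
{"ts":"2024-05-01T10:00:40Z","user":"bob@example.com","event":"sspr_reset","src_ip":"203.0.113.22","result":"success"}
{"ts":"2024-05-01T10:30:00Z","user":"bob@example.com","event":"file_download","src_ip":"203.0.113.22","count":3}
"""

# Operations worth correlating with a reset (assumed set; extend per tenant).
HIGH_RISK = {"file_download", "mailbox_rule_created", "role_assigned"}

# Events that belong to the reset flow itself and so must not count as
# "prior" activity when deciding whether the reset's IP is new.
RESET_FLOW = {"mfa_challenge", "sspr_reset"}


def parse(log_text):
    """Parse JSON lines into dicts with timezone-aware datetimes, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def find_suspicious_resets(log_text, window=timedelta(hours=1), bulk_threshold=100):
    """Return one alert per successful SSPR reset that shows attacker-like context."""
    events = parse(log_text)
    alerts = []
    for i, reset in enumerate(events):
        if reset["event"] != "sspr_reset" or reset.get("result") != "success":
            continue
        user = reset["user"]
        reasons = []

        # Signal 1: the reset came from an IP the account had never used for
        # ordinary activity (sign-ins, downloads, ...) before the reset.
        prior_ips = {
            e.get("src_ip") for e in events[:i]
            if e["user"] == user and e["event"] not in RESET_FLOW
        }
        if reset.get("src_ip") not in prior_ips:
            reasons.append("reset_from_new_ip")

        # Signal 2: a high-risk operation by the same account within `window`
        # after the reset. Small downloads are treated as normal use.
        for e in events[i + 1:]:
            if e["ts"] - reset["ts"] > window:
                break  # events are sorted, so nothing later can qualify
            if e["user"] != user or e["event"] not in HIGH_RISK:
                continue
            if e["event"] == "file_download" and e.get("count", 0) < bulk_threshold:
                continue
            reasons.append("post_reset_" + e["event"])

        if reasons:
            alerts.append({
                "user": user,
                "reset_ts": reset["ts"].isoformat(),
                "src_ip": reset.get("src_ip"),
                "reasons": sorted(set(reasons)),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_resets(SAMPLE_LOG):
        print(json.dumps(alert))
```

Run against the constructed log, only alice's reset is reported, with both the new-IP and the post-reset bulk-download reasons; bob's reset from a known IP followed by a three-file download stays quiet. In production the same two signals map onto the Entra ID audit log (reset events and their initiating IP) and the unified audit log (downloads, inbox rules, role changes), and the window and threshold should be tuned to the tenant's baseline.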
Original story and copyright: techradar.com.