In addition to stealing metadata, hackers were also able to view the contents of emails – and this has brought forward several victims who state that their cryptocurrency wallets have been emptied.
One user, Jevon Ritmeester, told Motherboard that the hackers were able to access his Kraken exchange account after the breach and subsequently withdrew his bitcoins. Several others users on Reddit have also come forward, with one individual losing as much as $25,000.
The breach began when the attacker managed to obtain the login credentials of a Microsoft customer support employee, after which he or she was able to access several different email services. Emails from an exchange like Kraken would be redirected to an email address controlled by the hacker, meaning they could reset the exchange account password at will.
Unsurprisingly, users have raged against Microsoft, accusing them of “covering up.” Ritmeester said that he would be taking legal action,
I think Microsoft talks about this way to lightly [sic] about this leak and I think there are a lot of users who have suffered damage in one way or another as there is a lot of sensitive information in an inbox…I am planning to at least file a police report and thinking about holding Microsoft liable for the financial damage and the fact that a lot of my personal information may get leaked in the near future.