There has been a major security breach with my Office 365 mailbox this morning and I don't believe it was due to the usual method of simply logging in with a phished password.
What I saw this morning:
- Roughly 200 emails sent from my Office 365 mailbox, all still in my Sent Items folder, but addressed to people I'd never heard of, with a single line "you might be interested in this...." and a link.
- This started at 4:36 am AEDT on 24/11 and ended 28 minutes later at 5:04 am AEDT.
Why I believe it was a problem at Microsoft's end and not a password breach:
- If someone had my password then they would have also had access to my address book with over 1000 contacts lists, and yet not a single email that was sent was addressed to one of my contacts.
- No dodgy Forwarders had been added to my account
- No dodgy Rules had been created in my account
- The Sent Items were not deleted to hide the activity.
- I did nothing to stop it. When I finally became aware of what had happened there had been no activity for the past couple of hours.
I have now changed my passwords just in case, but I believe that whatever happened was a Microsoft breach and they then did something to blocked it once they realized what was happening.
Has anyone else seen something similar to this today?
