Is your Microsoft Account being sold by hackers?

A hacker is selling a batch of Microsoft passwords for hundreds of dollars.


Wednesday, 2 December, 2020

Microsoft touch?

Ever wanted to know how much you’re really worth? Well, there could be a (twisted) way to find out. A new security breach has given hackers access to hundreds of Microsoft email accounts. And they’re selling them online for prices between $100 and $1,500.

The breach targeted ‘c-suite level email addresses’, meaning CEOs, CFOs and company directors are at risk. On Friday, ZDNet found passwords belonging to many US and UK tech, retail and consulting company directors being sold.

The hacker(s) are advertising the sale on ‘Exploit.in’ – a sort of secret marketplace for Russian-speaking hackers. ZDNet worked with a cybersecurity expert to gain access to the data, and verified it as a real leak.

BCC Blackmail

The danger posed by this leak is greater than that of the usual password leak. For example, by accessing a C-suite address, scammers could order a company’s accounts department to make large payments.

Imagine this: you’re working for a large multi-million-pound company. It’s Monday morning. You have a full inbox. You get an email from your boss asking you to wire £10,000 to a ‘consultant’. For a large company, it’s a completely normal request. You approve the payment. Hours later you get a call asking why you sent £10,000 to a stranger.

Another tactic used in these kinds of hacks is to gain sensitive company or personal data. The hackers then blackmail people, bleeding them dry over time.

So this kind of hack makes companies vulnerable to large-scale theft. And if your boss isn’t understanding, it could put your job at risk!

We (Microsoft) are aware of the report and will do what is necessary to help support our customers…We encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers. To increase security we recommend taking additional steps like turning on multi-factor authentication.

- Microsoft representative.  

The cybersecurity expert who discovered the Microsoft data for sale is notifying all the companies that have been compromised. So in the meantime, keep an eye out for any weird requests from your boss!


Natalie Dunning is a freelance writer and Media Psychology researcher based in Manchester.