Very true. And if you work for a very small charity with little money it's also very difficult. I'm not experienced enough to know what to look for. We had a minor breach that had lasted for months before being spotted, with Office 365. 2FA was never turned on, which I had warned about months before, but for certain reasons (users not understanding it) it was never implemented. During this time someone had guessed/got hold of a user's 365 password. They quietly got on, before I'd even started working there, and put a redirect to their own burner e-mail address. They'd crafted rules in webmail that filtered down to the Outlook client, to hide the redirects by making them go straight to the Deleted folder.

No one was looking for this, so it was never spotted until one day the burner e-mail address stopped working. When you'd e-mail him, the genuine user, you'd get a bounce-back about the mail not being delivered to the external Hotmail burner account. That was the only time the redirect was noticed. It was also at that point that we noticed the rule to warn us when a redirect was set on a mailbox to an external e-mail address wasn't actually working. Hence we never knew about it.

Such a simple breach, but as we were never looking for it, we never spotted it. And we don't have the funds for a proper security engineer.

It was reported to the ICO straight away, however. Looking through the user's mailbox over those months, nothing was ever sent to that mailbox that was of any interest in the end.
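The pattern described in the post above (a redirect rule to an external burner address, combined with a delete action so the victim never sees the copies, plus a mailbox-level forward) is exactly what a cheap detection should look for. The block below is an added example written for this page, not code from the post's author or from Microsoft. It runs over constructed audit records whose shape is loosely modelled on Office 365 Unified Audit Log entries for the Exchange cmdlets New-InboxRule, Set-InboxRule and Set-Mailbox; the field names, sample addresses, the internal domain `examplecharity.org` and the record contents are all assumptions made here. It flags any rule or mailbox setting that sends mail to a domain outside the organisation and notes which parameters would hide that from the user.

```python
"""Flag Exchange inbox rules / mailbox settings that forward or redirect mail externally.

Added example for this page. Records are constructed, loosely following the
Office 365 Unified Audit Log shape (Operation + Parameters name/value list);
the internal domain and all sample values are assumptions, not real data.
"""
import json

# Assumption: the organisation's own domain(s). Anything else counts as external.
INTERNAL_DOMAINS = {"examplecharity.org"}

# Inbox-rule parameters that send mail elsewhere, and the mailbox-level equivalents.
RULE_FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
MAILBOX_FORWARDING_PARAMS = {"ForwardingSmtpAddress", "ForwardingAddress"}
# Rule actions an attacker uses so the victim never notices the copies.
HIDING_PARAMS = {"DeleteMessage", "MoveToFolder", "MarkAsRead"}

# Constructed sample records (not real audit data). Record 1 mirrors the post:
# a redirect to a Hotmail burner address with the message deleted afterwards.
SAMPLE_RECORDS = [
    {"CreationTime": "2023-02-01T08:11:00", "UserId": "jsmith@examplecharity.org",
     "Operation": "New-InboxRule", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "RedirectTo", "Value": "burner123@hotmail.com"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2023-02-01T08:12:00", "UserId": "jsmith@examplecharity.org",
     "Operation": "Set-Mailbox", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Identity", "Value": "jsmith"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:burner123@hotmail.com"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "False"}]},
    # Legitimate internal forward: must not be flagged.
    {"CreationTime": "2023-02-03T10:00:00", "UserId": "afinance@examplecharity.org",
     "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "Invoices to Bob"},
                    {"Name": "ForwardTo", "Value": "bob@examplecharity.org"},
                    {"Name": "MoveToFolder", "Value": "Invoices"}]},
    # Housekeeping rule with no forwarding: must not be flagged.
    {"CreationTime": "2023-02-04T09:30:00", "UserId": "jsmith@examplecharity.org",
     "Operation": "Set-InboxRule",
     "Parameters": [{"Name": "Identity", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Deleted Items"}]},
]


def _params(record):
    """Collapse the Parameters name/value list into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def _addresses(value):
    """Split a forwarding parameter value into bare, lower-cased e-mail addresses."""
    out = []
    for part in str(value).replace(";", ",").split(","):
        part = part.strip().strip('"').lower()
        if part.startswith("smtp:"):      # Set-Mailbox values carry an smtp: prefix
            part = part[len("smtp:"):]
        if "@" in part:
            out.append(part)
    return out


def _is_external(address):
    return address.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS


def find_external_forwarding(records):
    """Return one finding per record that forwards/redirects mail outside INTERNAL_DOMAINS."""
    findings = []
    for rec in records:
        op = rec.get("Operation", "")
        params = _params(rec)
        if op in ("New-InboxRule", "Set-InboxRule"):
            keys = RULE_FORWARDING_PARAMS
        elif op == "Set-Mailbox":
            keys = MAILBOX_FORWARDING_PARAMS
        else:
            continue
        external = [a for k in keys if k in params
                    for a in _addresses(params[k]) if _is_external(a)]
        if not external:
            continue
        # Record anything that would keep the victim from noticing the forwarded copies.
        hides = [k for k in HIDING_PARAMS
                 if k in params and str(params[k]).lower() not in ("false", "")]
        if str(params.get("DeliverToMailboxAndForward", "")).lower() == "false":
            hides.append("DeliverToMailboxAndForward=False")
        findings.append({"time": rec.get("CreationTime"), "user": rec.get("UserId"),
                         "operation": op, "external_targets": sorted(set(external)),
                         "hiding": sorted(hides), "client_ip": rec.get("ClientIP")})
    return findings


if __name__ == "__main__":
    for f in find_external_forwarding(SAMPLE_RECORDS):
        print(json.dumps(f))
```

In practice the records would come from the AuditData JSON returned by Search-UnifiedAuditLog, or from a periodic Get-InboxRule / Get-Mailbox snapshot if audit search is not available. The two constructed positives double as a test of the alerting path itself, which is the gap the post describes: an alert rule that is never fed a known-bad record is one you cannot tell apart from a rule that silently does nothing.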

