Microsoft recently notified some customers about a potential data breach affecting their personal information. The company’s approach received criticism, with some viewing the emails as spam-like or phishing attempts.
Cybersecurity expert Kevin Beaumont explained on LinkedIn that these were genuine Microsoft communications, not phishing attempts. He stated that Microsoft experienced a breach by Russian actors impacting customer data, but didn’t follow its usual notification process.
Beaumont noted that the notifications weren’t in the customer portal. Instead, Microsoft emailed tenant administrators, which could result in messages going to spam folders. He advised checking emails from June onward, as the issue is widespread.
A main concern, according to reports, was Microsoft’s inclusion of a “secure link” leading to “purviewcustomer.powerappsportals.com,” a domain seemingly unrelated to Microsoft.
One recipient commented on X that the alert resembled a phishing attack. TechCrunch reported that many recipients shared this view, with the link submitted to urlscan.io numerous times to verify its legitimacy.
Microsoft’s support portal shows customers seeking confirmation about the emails’ authenticity. One user noted several concerns, including requests for TenantID and high-level email addresses, a basic PowerApps page, and limited online information about the email’s content.
