New Outlook is sending user credentials to Microsoft's servers
Microsoft is developing a new
Microsoft lays hands on login data: Beware of the new Outlook | heise online
https://www.heise.de/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9358925.html
When you upgrade Microsoft's Windows 11 to 23H2 , the latest version at the time of writing, the new Outlook will be displayed as a recommended app in the Start menu. The test version that is proposed to be used when starting a new Outlook is scheduled to be offered to all users as a standard Windows mail and calendar app in 2024. Microsoft employee Caitlin Hart also explained this on the official Outlook blog .
German technology media
When you try to use an email account that uses your company's own email server with the new Outlook, the following message appears. The message says, ``In order to sync your email with Microsoft Cloud, you must add your IMAP account to Outlook. Existing contacts and events will not be saved, but anything you create in Outlook will be saved to Microsoft Cloud.'' ” is written. Please note that the link at the bottom of the message is a link to a support page titled `` Sync your account to Microsoft Cloud in Outlook .''
The new Outlook syncs to Microsoft Cloud not only on Windows devices, but also on Android, iOS, and macOS devices. This means that 'mail, calendar, and contacts will be synchronized between the mail service and Microsoft's data centers.'
Traffic between Outlook and Microsoft servers is protected by TLS , but the data itself is sent in plain text. If we analyze this, we can confirm that Microsoft is sending the user's IMAP and SMTP credentials from the new Outlook to Microsoft's servers.
When you switch from the old Outlook to the new Outlook, new software will be installed along with it. IMAP accounts set in old Outlook will not be automatically transferred, but accounts saved in Windows are set to be automatically transferred.
In addition, in early 2023, when Microsoft Office updates were applied to Macs, a problem occurred where Outlook automatically redirected data to Microsoft's cloud server without notifying the user. The solution was to delete the IMAP account and reconfigure it, but in this case, reconfiguring it does not mean that data will no longer be sent.
The report on heise online has also become a hot topic on the overseas bulletin board Hacker News, with comments such as ``I'm confused that no major American media, even IT media, has reported on this matter,'' and ``The EU has no Microsoft policy.'' They have laws that favor them in the EU because there is no solid alternative: there is no major EU-based cloud provider with similar capabilities, software ecosystem, integrations, etc. as Microsoft. 'No other company offers the same office suite, legacy compatibility, familiar operating system (OS), or collaboration platform that Microsoft offers.'
Windows 11 Update 23H2 is stealing users' IMAP credentials | Hacker News
https://news.ycombinator.com/item?id=38212453
BfDI 's Ulrich Kerber, responsible for data protection and freedom of information in Germany, said: ``Reports that Microsoft is collecting data via Outlook are concerning. 'We will be requesting a report from the Irish Data Protection Commissioner, who will take legal responsibility for this matter,' he wrote on Mastodon.
Related Posts:
