Comment by Fischgericht
2 years ago
German IT magazine has uncovered that with Windows 11 Update 23H2 if you accept the "recommended" new version of Outlook the client may be uploading your secret IMAP credentials to the Microsoft cloud.
If you are trying to add a "local" IMAP/SMTP account, there is short notice that Outlook needs to "synchronize" your IMAP account with the Microsoft cloud.
It does NOT explain that what this actually means is that it will send all your credentials including your passwords in clear text to Microsoft.
Microsoft's support document to this also only mentions:
"Syncing your account to the Microsoft Cloud means that a copy of your email, calendar, and contacts will be synchronized between your email provider and Microsoft data centers."
No word that it means that they are uploading your passwords.
This is evil. And at least in the EU, illegal.
I have not yet found any report on this in english-language IT media, and therefore have provided a Google Translate link to the report in German.
big if true, i mean what a footgun. Imagine the target they are painting on their back, with all those credentials now harvested.
Yeah, it's true. c't magazine is the biggest IT print publication in the EU, and is highly respected and known for investigative journalism. It looks like the pictures provided which show what they captured is sent to Microsoft (your passwords in plain text) aren't shown if the page is viewed via Google Translate.
So here is the original page URL: https://www.heise.de/news/Microsoft-krallt-sich-Zugangsdaten...
And here is the picture that shows what they have captured is sent to Microsoft:
https://heise.cloudimg.io/v7/_www-heise-de_/imgs/18/4/3/3/1/...
Target ? They are very happy to share your data with 3 letter agencies. You are the target. They are the dealers.