Major gaming tech manufacturer phishing email.

Hi All,

I recently received a phishing email:

[image: screenshot of the phishing email]

The sender address is a large tech/gaming manufacturer.

I made the company aware of the situation on Sunday 26th May.

Nothing heard until today, when they sent out a mass email to their customers.

Is 6 days sitting on the information normal in regards to these matters?
 
Here's the full headers (with my email obfuscated)...

Code:
Received: from BL2NAM02HT063.eop-nam02.prod.protection.outlook.com
(2603:10a6:803:a0::43) by VE1PR09MB3294.eurprd09.prod.outlook.com with HTTPS
via VI1PR06CA0150.EURPRD06.PROD.OUTLOOK.COM; Sat, 25 May 2019 22:34:35 +0000
Received: from BL2NAM02FT022.eop-nam02.prod.protection.outlook.com
(10.152.76.57) by BL2NAM02HT063.eop-nam02.prod.protection.outlook.com
(10.152.77.73) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1922.16; Sat, 25 May
2019 22:34:34 +0000
Authentication-Results: spf=none (sender IP is 212.175.12.130)
smtp.mailfrom=cpanel.isbiroptik.com; hotmail.com; dkim=none (message not
signed) header.d=none;hotmail.com; dmarc=none action=none
header.from=msi.com;
Received-SPF: None (protection.outlook.com: cpanel.isbiroptik.com does not
designate permitted sender hosts)
Received: from cpanel.isbiroptik.com (212.175.12.130) by
BL2NAM02FT022.mail.protection.outlook.com (10.152.77.153) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
15.20.1922.16 via Frontend Transport; Sat, 25 May 2019 22:34:34 +0000
X-IncomingTopHeaderMarker:
OriginalChecksum:8470BBA7EFB74747B31F14599B7F3D5756F4400360EFF7C5332FA447EFFC5C04;UpperCasedChecksum:5AC579D75D366CE7EE688C78C260D7ECE3BE94CE20F9D2A3C01E02931C672F7C;SizeAsReceived:1504;Count:22
Received: from isbiroptik by cpanel.isbiroptik.com with local (Exim 4.91)
(envelope-from <[email protected]>)
id 1hUfFI-0007td-Kf
for ****@hotmail.com; Sun, 26 May 2019 01:34:32 +0300
To: ****@hotmail.com
Subject: =?UTF-8?B?QWNjb3VudCBBbGVydDogWW91ciBBcHBsZSBJRCB3YXMgdXNlZCB0byBzaWduIGluIGZyb20gYW5vdGhlciBsUCBBZGRyZXNzIGluIEluZG9uZXNpYSAoNS8yNi8yMDE5IDQ6MDk6NTIgUE0gKQ==?=
X-PHP-Script: bulten.isbiroptik.com/admin/temp/surveys/6661/2/asu.php for 35.222.223.210
X-PHP-Originating-Script: 501:asu.php
From: =?UTF-8?B?QXBwU3RvcmU=?= <[email protected]>
Content-type: multipart/mixed; boundary="--GuXzKLastB"
Reply-To: [email protected]
Message-Id: <[email protected]>
Sender: <[email protected]>
Date: Sun, 26 May 2019 01:34:32 +0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel.isbiroptik.com
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [501 501] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel.isbiroptik.com
X-Get-Message-Sender-Via: cpanel.isbiroptik.com: authenticated_id: isbiroptik/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: cpanel.isbiroptik.com: isbiroptik
X-Source:
X-Source-Args: php-fpm: pool bulten_isbiroptik_com
X-Source-Dir: isbiroptik.com:/bulten.isbiroptik.com/admin/temp/surveys/6661/2
X-IncomingHeaderCount: 22
Return-Path: [email protected]
X-MS-Exchange-Organization-ExpirationStartTime: 25 May 2019 22:34:34.4204
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
abf8d9d8-13d2-4905-a038-08d6e1612985
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: EFV:NLI;
X-MS-Exchange-Organization-AuthSource:
BL2NAM02FT022.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-UserLastLogonTime: 5/25/2019 9:37:14 PM
X-MS-Office365-Filtering-Correlation-Id: abf8d9d8-13d2-4905-a038-08d6e1612985
X-Microsoft-Antispam:
BCL:0;PCL:0;RULEID:(2390118)(5000113)(711020)(4605104)(610169)(8291501072);SRVR:BL2NAM02HT063;
X-MS-TrafficTypeDiagnostic: BL2NAM02HT063:
X-MS-Exchange-PUrlCount: 1
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 212.175.12.130
X-SID-PRA: [email protected]
X-SID-Result: NONE
X-MS-Exchange-Organization-PCL: 2
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 May 2019 22:34:34.1251
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: abf8d9d8-13d2-4905-a038-08d6e1612985
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT063
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: FlexTransport
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.1301205
X-MS-Exchange-Processed-By-BccFoldering: 15.20.1922.000
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;psp:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900115)(8390100)(8377080)(8376100)(8386120)(8375121)(4920090)(6380081)(4950130)(4990090)(9140004);RF:JunkEmail;
X-Message-Info:
qoGN4b5S4yq0/zlyHv5xRFX9EtuW4SUMcX0M1fXnCA3C8KfxkUgn0Kp1Jy0yprVkXdKPM1RswBS6bSm1BQnM6WtYYxKrDoW9CCpO+mZD1gjxVpN73i70RXDqGQ87zzzGDszeqVF1URvHoMtFNyrUhAdQX+wXeaTsEu7T03b27ecMMozIsGa66FfzZbji3x9fho/oYohBE3zo9VFUjb7TJA==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MjtHRD0xO1NDTD02
X-Microsoft-Antispam-Message-Info:
EYfXzkToqm4w+PxoJyl24QrUBE3ff836Kkcl5Lw/7BnEbV7d9XUazVWEMK0wkc+VUpI43n0XYCNCOuCQUtFQ0zYeJTX7GYhUwoA3uRZFSW0SbI7ijl3ppRHiDZvbcx91OsWFQueT2UDuTJek0o5Y8+oLPqQ17drRPWwoXoixLXfUwdzUW1uMCEV4YdI5dS0BmHrZH5i0kUA7KKiatVyoxcD/bVvBvVH4oa0oO8qQrCqFS2eOF1dlHRbb8BoKDDDFwS2fAiZcvmOnnS0B4oggrEbKOvGKfg5ze4HZNiqNpMGP6+pqnSqq8SJiPF09M9+VIwzTnBTkHG2qgBxXIwDcencxOhvfkdzkAoNEBwt0PKfnGY988C3ohnT9+EpF9HbXfpl4EJqAaJtS4YqD2KH9/hXMAY+GnNj2ipE5+AUBzWdq8IuDZJlDfdVcaxk+Q0tbHjXkxb5WDOo6AJhlQCfzsLZts73PExGGNv0hjboqp0QKF15dz5Mw6IFI+atYH2gC844my8YgA/ILHLYJPZAw4WWSipdCfS/1twwEKaHNLvRdykPfvwkT/fDGxAuAmIniOdiQMPLex4l0zItVRJY7H2qMaaI3VKu5u7HbdMMelRm6vgi7ITHZVOd3n7hGzlLLMxJjIUov6JebanjYOoMny4+eYDxnZ2EPNeycStVJdqMVpSJwjFLrNkTMIf7W7+Yx5jjs9+AdIlTzg1nBAyaeWFKAn02McMv1Pd/1d8iqj1gZDdBVwAPqqmFIIYiaHdxWKuS9awXdv29We+5/ON9iw2DOlIoKewZtE4mga2g0X5n1wwkD/NIlWyaF+6n7fGI7
MIME-Version: 1.0
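An added triage script (not from the post, and not MSI's or Microsoft's code) that reads the header excerpt above the way a defender would: which authentication checks ran and what they concluded, whether the visible From domain matches the envelope sender, which host actually handed the mail to Outlook, and what the encoded Subject says in plain text. The headers are copied from the post, with continuation lines re-indented so the parser sees them as folded values.

```python
import email
import re
from email.header import decode_header, make_header

# Excerpt copied from the headers in the post above; continuation lines are
# indented here so the parser treats them as folded header values.
RAW_HEADERS = """\
Authentication-Results: spf=none (sender IP is 212.175.12.130)
 smtp.mailfrom=cpanel.isbiroptik.com; hotmail.com; dkim=none (message not
 signed) header.d=none;hotmail.com; dmarc=none action=none
 header.from=msi.com;
Received: from cpanel.isbiroptik.com (212.175.12.130) by
 BL2NAM02FT022.mail.protection.outlook.com (10.152.77.153) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.1922.16 via Frontend Transport; Sat, 25 May 2019 22:34:34 +0000
Subject: =?UTF-8?B?QWNjb3VudCBBbGVydDogWW91ciBBcHBsZSBJRCB3YXMgdXNlZCB0byBzaWduIGluIGZyb20gYW5vdGhlciBsUCBBZGRyZXNzIGluIEluZG9uZXNpYSAoNS8yNi8yMDE5IDQ6MDk6NTIgUE0gKQ==?=
X-PHP-Script: bulten.isbiroptik.com/admin/temp/surveys/6661/2/asu.php for 35.222.223.210
"""


def triage(raw):
    """Pull out the facts a defender checks first and flag the message."""
    msg = email.message_from_string(raw)
    auth = " ".join(msg.get("Authentication-Results", "").split())  # unfold
    # spf/dkim/dmarc verdicts; "none" means there was nothing to evaluate:
    # no SPF record for the envelope domain, no signature, no DMARC policy.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    from_domain = re.search(r"header\.from=([\w.-]+)", auth).group(1)
    envelope_domain = re.search(r"smtp\.mailfrom=([\w.-]+)", auth).group(1)
    origin = None
    for hop in msg.get_all("Received", []):
        m = re.search(r"from (\S+) \((\d+\.\d+\.\d+\.\d+)\)", hop)
        if m:
            origin = m.groups()  # last match is the earliest hop with an IP
    mismatch = from_domain != envelope_domain
    return {
        # RFC 2047 encoded-word subject decoded to readable text
        "subject": str(make_header(decode_header(msg.get("Subject", "")))),
        "auth": results,
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "origin": origin,
        "php_script": msg.get("X-PHP-Script"),
        # visible From domain differs from the envelope sender and nothing
        # vouched for it, so treat the message as spoofed until proven otherwise
        "suspicious": mismatch and results.get("dmarc") != "pass",
    }
```

Run against the excerpt it reports spf, dkim and dmarc all as "none", msi.com as the visible From domain against cpanel.isbiroptik.com as the envelope sender, and the decoded Subject, which is the only thing the recipient actually saw.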

Can you give a layman explanation of that please?

Why don't you just say 'MSI'?

I've had run ins with MSI historically, I don't want to appear biased.

It has come to our recent attention that an unknown third party may have gained access to a third party software for the website <emailing.msi.com> operated by, or on behalf of MSI (the “Affected Website”). As a result, some of your account information limited only to your first name and email address may have been affected (together, the “Affected Data”). Within less than one (1) hour after learning of this incident, we took immediate steps to secure the Affected Website and ensure that the unauthorised third parties obtained no further data. Specifically, the actions we have taken include: i) shutting down the affected server and Affected Website; ii) conducting software and hardware scans for vulnerabilities and/or malicious scripts; iii) removing the Affected Website and hardware from MSI’s servers; iv) MSI IT teams installing updates to the third party software and rescanning for vulnerabilities; v) MSI IT teams setting up new website software and server locations with updated software and hardware protections. We then re-checked for potential vulnerabilities. We continue to monitor for suspicious activities and believe only a very small number of users may have been affected. We regret that this incident may affect you. We take our obligation to safeguard personal data very seriously and are taking steps to help prevent this type of incident from reoccurring. Based on our investigation and findings to date, we can reassure you that none of your account password, financial data, or other data of a sensitive or potentially harmful nature has been affected. We also have no evidence that any of the Affected Data, or your MSI accounts or services, have been misused as a result of this incident. We have notified the relevant data protection authority and will work with them to limit any further impact that this incident may have.

Was MSI's response.
 