Microsoft Outlook has been routing data to Japan for years

A baffling bug has been causing Microsoft Outlook's requests to example.com to be answered by two servers in Japan.

Imagine that you set up an Outlook account where you let it autoconfigure the email settings for you, only for it to stall or run into an error. You’ll shrug it off and enter those details manually. However, in the background, Microsoft Outlook has just sent data to two addresses in Japan without anyone knowing.

This is real and it has been happening since at least February of 2020.

Microsoft Outlook rerouting example.com traffic


A baffling new investigation has revealed that Microsoft’s Autodiscover has been erroneously bouncing around traffic meant for example.com to two real addresses in Japan. To put it more accurately, whenever Outlook would send requests to example.com, two servers in Japan would receive them instead. This is something that should never happen.

That domain is reserved for documentation and testing: developers send test requests there so that they don’t become part of real production traffic. It exists so that such requests go there instead of to real addresses on the web.

But that’s not what Microsoft Outlook has been doing, and no one is clear on exactly what caused this.

What happened to your credentials?




Fortunately, this weird routing error does not seem to have led to any malicious acts. The data that was being routed to servers owned by Sumitomo Electric was usually just a temporary placeholder.

There are no indications that this was a hack, and neither is there reason to believe that the rerouted data was used to access real credentials of Outlook users. Credentials could theoretically have been exposed, but it doesn’t seem like any malicious actors noticed this problem during the six years that it has been happening.

What do you think caused Outlook to route traffic to Japan?


Why this happened in the first place is unclear. It appears Microsoft’s internal servers were getting confused for some reason and kept mishandling traffic meant for example.com. As of now, Microsoft has implemented a block preventing further traffic from being directed towards Sumitomo Electric’s servers, but a real solution can’t be devised until the cause is located.

The internet is a fragile house of cards


I think that this serves as another reminder of just how much of a fragile house of cards the internet really is.

We don’t like to think about it of course, but the recent Cloudflare outage served as a warning, and so does this issue with Microsoft Outlook. While this didn’t lead to anything dangerous, it once again showed us how long major problems could go undetected deep inside the complex infrastructure of the web.
