Microsoft recently began notifying some customers via email about a potential data breach that might have compromised their personal information. However, the company's approach has faced heavy criticism, with many saying the emails resembled spam or phishing attempts.

Cybersecurity researcher and former Microsoft employee Kevin Beaumont addressed the issue on LinkedIn, reassuring followers that the emails were legitimate, though poorly executed:

"Microsoft experienced a breach by Russia affecting customer data but did not follow the Microsoft 365 customer data breach protocol. Instead of using the portal, they emailed tenant admins," Beaumont explained. "These emails can end up in spam, and tenant admin accounts are meant to be secure, breakglass accounts without email. They also failed to notify organizations via account managers. You should review all emails dating back to June. This is a widespread issue."

One major concern noted by TechCrunch was the inclusion of a "secure link" in the emails, which directed recipients to a domain that did not seem related to Microsoft: "purviewcustomer.powerappsportals.com."

"Essentially, the critical alert looks like a phishing attack," one recipient commented on X. Many recipients shared this sentiment, as the link was submitted to urlscan.io over a hundred times. URL Scan is a service used to determine whether a website is malicious.

Additionally, Microsoft's support portal contains several posts from customers seeking confirmation of the emails' legitimacy.

"This email has several red flags for me," one person wrote. "The request for the TenantID and admin or high-level email addresses, the barebones powerapps page, and some quick Googling not yielding any related results to the email's title or contents. Can anyone confirm if this is a legitimate Microsoft email request?"