• TWeaK
    link
    fedilink
    English
    849 months ago

    You cannot use the new Outlook app without syncing these data with Microsoft’s servers, i.e. your usernames and passwords are sent to the company’s cloud servers. While the data is sent using TLS, the IMAP and SMTP username and password are sent to Microsoft in plain text. This could allow the company to access your emails, and share the data with third-parties.

    Not only that, but sending usernames and passwords in plaintext allows for MITM attacks.

    • @cm0002@lemmy.world
      link
      fedilink
      179 months ago

      Isn’t MS on the government shit list right now over security missteps that led to the breach of gov officials?

      • @Echo5@lemmy.world
        link
        fedilink
        29 months ago

        Not sure what difference that makes since the military uses the MS office suite for everything

    • lazynooblet
      link
      fedilink
      English
      99 months ago

      I expect what they mean is that the credentials are encrypted only in transit

    • @shadycomposer@lemmy.world
      link
      fedilink
      39 months ago

      I think outlook iOS has been storing credentials on server since day one, even before it was acquired by Microsoft. I’m not sure what the new outlook app means.