Hackers gained access to Microsoft’s email service for three months

Microsoft / Security / Tech
microsoft-logo-FI

Microsoft has sent out an email to a “limited subset” of users using services like @msn.com, @hotmail.com, and @outlook.com who have been affected.

Hackers getting into users email accounts is nothing short of a surprise these days. When it comes to a big company such as Microsoft, it can cause quite a storm. Especially when the hack lasted three months and people who use email services from Microsoft wonder why they’re just being notified now.

Microsoft has sent out an email to a “limited subset” of users using services like @msn.com, @hotmail.com, and @outlook.com who have been affected by this compromise. The hack took place between January 1st and March 28th of this year. The email states that hackers were possibly able to access a user’s email address, but folder names, email subject lines, and email content — including any attachments — were not accessed.

Here’s the email sent to users who were affected:

Dear Customer,

Microsoft is committed to providing our customers with transparency. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.

We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.

Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source (you can read more about phishing attacks at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing).

It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.

Microsoft customer email

I haven’t received an email from Microsoft stating that my email account has been compromised, but considering there was a limited subset of emails accessed, it’s still best to change your password anyway even if you weren’t affected.

What do you readers think about Microsoft’s consumer email accounts being accessed for three months? Have any of you folks received an email from Microsoft about your account? Let us know in the comments below or on TwitterFacebook, or MeWe.

 Source: techcrunch
Comments
To Top