Published: Tue, April 16, 2019
Electronics | By Shannon Stone

Microsoft reveals major email security breach

Microsoft reveals major email security breach

The tech giant says that an employee's credentials were compromised, giving a hacker access to a number of accounts for the first three months of 2019.

According to an e-mail sent to the majority of affected users and then posted online, the firm said a Microsoft support agent's credentials were compromised, potentially allowing unauthorised access to some account information.

Microsoft's Outlook hack is worse than the company originally warned. As far as we know, Microsoft did not actually lie to the users who received that specific email, in which the company admitted that email addresses, folder names, subject lines, and email recipient addresses could have all been exposed.

An unknown number of Microsoft Corp. email account users, including those using Outlook and Hotmail, may have had details of emails stolen in a hack that lasted from January 1 to March 28.

While the aforementioned leaked notification claims the hackers would not have been able to read the content of messages, Microsoft would later admit - after media reports over the weekend - that the intruders could have accessed the contents of messages belonging to a subset of those impacted by the admin account hijacking. Enterprise users were unaffected.

Microsoft did not respond to multiple requests for additional comment.

The company has now advised affected users to reset their passwords.

The breach itself is concerning, but what is also worrying is that Microsoft did not fess up to the full extent of the breach in one of the emails.

Microsoft has confirmed that hackers were able to read email from Microsoft's Outlook, MSN and Hotmail email services, Motherboard reported this week.

A report from Motherboard and citing an unnamed source with knowledge of the hack reveals that the attackers could "gain access to any email account as long as it wasn't a corporate level account". In a blog post from April, Microsoft said that it saw an average of 300,000 phishing attempts in February alone.

Like this: