On April 12th 2019, Microsoft sent out emails to Outlook users about a Microsoft Outlook security breach. Their email said that a hacker could have been able to access some accounts for a few months earlier this year. Microsoft discovered that the credentials of one of their support agent’s were compromised, allowing unauthorized access to some accounts between January 1st and March 28th 2019.
The email said that hackers got into the system when a support agent’s credentials were compromised and once identified the credentials were disabled. Microsoft told the users that as result of this, they might see more spam or phishing emails. “You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source,” read the email.
A new report by Motherboard however, revealed that the Microsoft Outlook security breach was more severe than what Microsoft revealed. The breach gave hackers access to a large number of Outlook, MSN, and Hotmail email accounts. The email sent out by Microsoft said that hackers could only access email subject lines, email folder names, and other names from a user’s address book.
Motherboard found out that hackers could in fact, get access to email content as well. Later, Microsoft accepted that the exploit was indeed worse than what had been previously revealed. This breach has affected only personal email accounts. Corporate accounts are safe. Microsoft advised that users who received the cautionary email should change their Outlook credentials out of caution.
Microsoft hasn’t revealed how many users were affected. In a statement to The Verge, a Microsoft spokesperson said, “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”
Motherboard also claimed that hackers had access to email accounts for nearly six months, but the Microsoft spokesperson deemed this as inaccurate.