Hackers Access Microsoft Email Accounts

Microsoft has confirmed that hackers targeted an unspecified number of users’ online email accounts across Outlook, Hotmail and MSN services for a period of three months after hacking a customer support account.

The incident took place after hackers compromised the login credentials of a technical support representative, and lasted from 1 January to 28 March of this year, Microsoft said.

The credentials gave the hackers access to some customers email information, including subject lines, identities of email recipients and the names of folders.

“The content of any emails or attachments” were not affected, nor were passwords, Microsoft said in an email sent to users.

Email access

“Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access,” Microsoft said in the email.

The company said it didn’t know why the hack occurred but warned users that they “may receive phishing emails or other spam mails” as a result.

While login credentials weren’t affected, Microsoft advised users to reset their passwords as a precautionary measure.

However, website Motherboard cited an unnamed source as saying that the hackers were able to access more data on some users, including the contents of emails.

Motherboard’s report said the hackers had been able to access more data on users with free accounts, while access was more limited for those with paid or enterprise accounts.

Microsoft confirmed the report, saying the additional data access affected a subset of those affected, about 6 percent.  It said those users had also been notified.

Compromise

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” Microsoft said in a statement.

The company didn’t specify how many users were affected overall.

Microsoft didn’t indicate where the affected users were located, but included contact information for its EU data protection officer in the email to users, suggesting at least some of them were based in Europe.

“Microsoft regrets any inconvenience caused by this issue,” Microsoft said in the email.

The incident follows one of the biggest data breaches ever uncovered, when a security researcher in January uncovered a trove of some 773 million email addresses and passwords from multiple providers.

The credentials had been posted to a popular hacking forum in mid-December.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Boeing Starliner Launches Successfully, On Route To International Space Station

Boeing's crewless space taxi, CST-100 Starliner, one step closer to NASA certification, as it enters…

2 days ago

Apple Accused By Union Of Staff Law Violations At NY Store

Staff at Apple's World Trade Centre store in New York are allegedly being questioned and…

2 days ago

Canada To Join Five Eyes 5G Ban On Huawei/ZTE

Making it official. Canada is to turn its unofficial ban on 5G kit from Huawei…

2 days ago

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

3 days ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

3 days ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

3 days ago