Com hack more extensive than Microsoft first claimed, email contents compromised

Share

The unauthorised access to this web mail data was recorded between 1 January 2019 and 28 March 2019. A limited number of consumer accounts were impacted, and we have notified all impacted customers. The breach apparently stemmed from a faulty customer support tool which allowed hackers to access any email account that wasn't a corporate account.

There's some bad news for Outlook.com users, as it's emerged that the webmail service has been compromised and some folks have had their accounts hacked, with the perpetrators even able to read emails in a limited number of cases - despite Microsoft's initial denial that email content was viewable.

In the latest of a seemingly endless string of high-profile hacks, Microsoft confirmed to TechCrunch over the weekend that a "limited" number of people who use Microsoft's email platforms - including Outlook, MSN, and Hotmail - had their accounts compromised.

"You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source", Microsoft told affected customers via email.

The support account would also have only had access to free Outlook.com/Hotmail/MSN-branded accounts, and not to paid Office 365 email. Without providing numbers of those affected, it's known that at least some of them were in the European Union, meaning that the data breach will fall under the purview of the EU General Data Protection Regulation.

In that notification, Microsoft said that no login credentials were stolen and that the attackers could not read the contents of emails. The company did say that potential hackers could only read full email content for about 6% of affected Outlook users. Users should change their passwords out of an abundance of caution.

However, responding to an article in the online Vice website Motherboard, Microsoft confirmed that some users were advised that the content of their emails may have been vulnerable to the hacker.

Share