On Saturday, Microsoft confirmed to TechCrunch that their email services were hacked from January 1, 2019, till March 28, 2019. Microsoft told TechCrunch, “Certain ‘limited’ number of people who use web email services managed by Microsoft—which cover services like MSN and Hotmail—had their accounts compromised.”
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access”, a Microsoft spokesperson told in an email.
Following this, Microsoft sent out an email to all the affected users stating that hackers were potentially able to access an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail address the user communicates. However, they were not able to access the content of any e-mails or attachments or login credentials like passwords. Microsoft recommended the affected users to reset their account password.
Microsoft undersold scale and severity of breach in its initial statements, which said email content wasn’t compromised. We confirmed email content was readable and that it was abused and used for SIM swapping
— Jason Koebler (@jason_koebler) April 14, 2019
According to the letter from Microsoft to affected users, the hackers got into the system by compromising a customer support agent’s credentials. Once identified, those credentials were disabled. Microsoft informed the users that it didn’t know what data was viewed by the hackers or why, but cautioned that users might, as a result, see more phishing or spam emails as a result.
“You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source”, the letter mentioned.
To know more about this news, head over to TechCrunch.
*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Savia Lobo. Read the original post at: https://hub.packtpub.com/microsoft-reveals-certain-outlook-com-user-accounts-were-hacked-for-months/