Microsoft confirms Outlook.com and Hotmail accounts were breached – Naked Security

0
59
Microsoft confirms Outlook.com and Hotmail accounts were breached – Naked Security


Between 1 January and 28 March this year hackers were able to access a “limited number” of consumer Outlook.com, Hotmail and MSN Mail email accounts, Microsoft has confirmed.

News of the attack first emerged late last week when the company started sending emails to what seems to be a small subset of affected users which ended up being discussed on Reddit:

We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account.

Microsoft says that data access was limited:

This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments.

When Microsoft realised the stolen credentials were being abused, it disabled the access, the company added. The crucial sentence:

It is important to note that your login credentials were not directly impacted by this incident.

Microsoft still recommends that everyone receiving a notification should change these as a precaution, and also warned that affected users were now at risk of receiving phishing emails.