Hackers gain access to Microsoft email accounts for almost three months

Hackers gain access to Microsoft email accounts for almost three months

Paid-for, enterprise accounts were unaffected-only consumer accounts were hit.

On Saturday TechCrunch reported that Microsoft's Outlook.com web service has been breached for around 3 months, between January and March 2019, after "cybercriminals" managed to acquire the credentials of a customer support rep. Microsoft found out that the hack was done by accessing a customer support account.

Scammers could use the compromised email accounts to launch spam operations or steal users identities.

"Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used", the tech company informed affected users in an email.

The fact that Microsoft did not announce publicly that hackers were able to access and read private emails sent by Outlook, MSN, and Hotmail users is incredibly troubling.

Three killed in aircraft runway accident near Everest
The airport, built in 1964, is rated as one of the most unsafe airports in the world due to strong tailwinds and a short runway. Seven people, including the country's tourism minister, were killed in February when a helicopter crashed in the hilly east.

"You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source", Microsoft told affected customers via email.

Microsoft sent a warning to Outlook users detailing a hack that lasted from January 1 to March 28.

The worry was that even limited information like email subject lines could enable malicious parties to concoct a more convincing phishing scam to aim at the user whose email they have (and they could also employ extra details like the names of friends, gleaned from the email addresses the user has contacted).

While the aforementioned leaked notification claims the hackers would not have been able to read the content of messages, Microsoft would later admit - after media reports over the weekend - that the intruders could have accessed the contents of messages belonging to a subset of those impacted by the admin account hijacking. It said it had also increased detection and monitoring for the affected accounts.

Related Articles