Microsoft users' e-mails exposed in data breach

Microsoft support agent's email hacked, customer emails compromised

Microsoft support agent's email hacked, customer emails compromised

Microsoft said it immediately disabled the compromised credentials when it became aware of the breach, prohibiting further access. A limited number of consumer accounts were impacted, and we have notified all impacted customers.

Microsoft clarified that this "affected a limited subset of consumer accounts" and that the malicious activity began at the start of January 2019 and ran through to nearly the end of March, so essentially lasted three months.

The tech giant says that an employee's credentials were compromised, giving a hacker access to a number of accounts for the first three months of 2019. Without providing numbers of those affected, it's known that at least some of them were in the European Union, meaning that the data breach will fall under the purview of the EU General Data Protection Regulation.

For most, this included a person's e-mail address, folder names, subject lines of e-mails and the names of other e-mail addresses users communicated with between January and March this year, but not the content of e-mails or attachments.

The hacker had access to email accounts from Outlook, MSN and Hotmail between January 1 and March 28, Microsoft said.

More news: Famed Notre Dame Cathedral is on fire
More news: Strong storms in US South kill at least 8 and injure dozens
More news: 'The Mandalorian' Reveals Four New Images And Gnarly Footage For The Fans

The support account would also have only had access to free accounts, and not to paid Office 365 email.

Microsoft did not respond to multiple requests for additional comment.

The source confirms that hackers were able to read the contents of emails, saying the access was used as part of a scam to unlock iPhones which had been stolen.

However, following a new report from Vice's Motherboard website revealing that hackers were actually able to read the content of emails, Microsoft has been forced to change its stance.

Specifically, Microsoft admitted it had sent notifications of a security breach to some users which informed them that their email content had (potentially) been read, but that this only applied to a small amount of the affected users, around 6%. It is, however, recommending users to reset their passwords just in case.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.