Hackers compromised Microsoft’s webmail services, including Outlook.com accounts and MSN and Hotmail addresses, for months using the credentials of a customer support agent.
In an email sent to affected users, Microsoft said hackers could potentially gain access to email addresses, email subject lines, folder labels, and names of other email addresses than the user contacted. Fortunately, the content of the emails, including attachments, was not compromised, nor did login information such as passwords.
Hackers were able to perpetrate the security breach, which occurred from January 1 to March 28, by compromising the credentials of a customer support agent. Microsoft has identified the credentials used by hackers and disabled them.
Microsoft has warned that affected users could receive more spam and could be the target of phishing attempts. Affected users should remain vigilant against such attacks and are always advised to change their passwords even if the content of their emails has not been compromised, as hackers may be able to use addresses at other parties. identity theft purposes.
It is not known how many users were affected by the data breach and who the hackers behind the attack are. It appears that at least some of the affected accounts are from the European Union, as Microsoft offers contact details for the EU data protection officer.
“Rest assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in investigating and resolving the issue, as well as further strengthening of systems and processes to prevent such a repeat. Microsoft said in the letter.
The attack on Microsoft’s webmail services follows a much larger data breach discovered in January. Troy Hunt, the security researcher behind Have I Been Pwned, found what is now known as Collection No. 1. The data collection contained over 773 million records, including over 21 million words unique passwords, in 12 separate folders, with a total size of 87 GB.
It might not be as bad as Collection # 1, but people with Microsoft web-based email accounts should still follow the recommendation and change their password, just to be safe.