Microsoft has announced that customer email information has potentially been accessed by an unauthorised third-party following a security incident at a support agent.
The hacker used compromised support agent credentials to access customer data and is thought to have been able to access the data for three months. During this period, hackers could access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach has affected some, but not all, users of Microsoft web services such as Hotmail, MSN, and Outlook.
Microsoft customers were affected due to a data security incident that occurred on January 1, 2019, when a Microsoft support agent’s account details were compromised. The attackers then gained access to information in customers’ accounts.
The breach was detected on March 28. Microsoft immediately took action disabled the compromised credentials and inhibit access to customer information. The branch appears to only have affected personal account holders. Corporate accounts were not affected by the breach.
Microsoft sent an incident information letter to all individuals affected by the breach disclosing some details of the incident. According to the letter, attackers did not have access to the content of emails or email attachments. Hackers could only access information related to the account.
Microsoft believes that due to the nature of the information affected by the breach, individuals are at low risk of identity theft or other nefarious uses of their data. Out of an abundance of caution, Microsoft has warned that they may receive spam and phishing emails as a result of the breach and have been told to exercise caution.
It has been reported that Microsoft has hidden the true extent of the breach. Motherboard, a website that covers cybersecurity news, reports that the hack is worse than Microsoft claims.
An unknown source informed Motherboard of the breach before Microsoft had publicly confirmed it. Motherboard’s source said the breach lasted for at least 6 months. Further, the source said the hackers could access the content of email messages.
Microsoft has stated that around 6% of accounts were accessible by the hacker but has not confirmed precisely the number of accounts affected by the breach. Since the number of accessible accounts is not known, it is impossible to tell how many users were affected. Microsoft says only a small number of accounts were affected. Motherboard’s source contradicts this statement, claiming that the breach impacted a large number of accounts and that the compromised credentials belonged to an individual with high-level privileges.