Thursday, 18 April 2019
Latest news
Main » Com hack more extensive than Microsoft first claimed, email contents compromised

Com hack more extensive than Microsoft first claimed, email contents compromised

15 April 2019

Even if only a small number of users had their email contents breached, not being totally honest about the situation won't have done Microsoft any PR favors, and could see customers question any future statements from the company.

Both hackers and Microsoft's breach notifications say that access to customer accounts came through compromise of a support agent's credentials.

Cybercriminals have compromised a "limited" number of Microsoft email accounts, the software giant has told customers.

Microsoft has confirmed to TechCrunch that a number of users who use the company's email services have had their details compromised in a security breach.

The hack is apparently the outcome of hackers gaining access to customer support account for Outlook.com, a tool that does give support agents full access to Outlook.com emails.

In an email being sent to affected users, Microsoft claims that apart from the content of the emails including attachments, the hackers could have possibly viewed account email addresses, folder names and subject lines of the mails sent and received, The Verge reported on Saturday.

A report from Motherboard and citing an unnamed source with knowledge of the hack reveals that the attackers could "gain access to any email account as long as it wasn't a corporate level account".

Motherboard's source further claimed that the hackers actually had access to emails for around six months prior to March, but Microsoft firmly denies that. Paid-for, enterprise accounts were unaffected-only consumer accounts were hit. In other words, the hackers aren't much interested in the email accounts per se; they just want to get their hands on those important reset-request emails so that they can boost the value of their stolen phones.

In an email to affected users, Microsoft noted that it "regrets any inconvenience caused by this issue", and that they should be "assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence".

Com hack more extensive than Microsoft first claimed, email contents compromised