Want to share with your friends too?

Science
16 Apr 2019

Microsoft admits Outlook email hack worse than originally thought

Microsoft says Outlook hackers accessed some emails

Just recently, we reported that some unknown hackers compromised the account of a Microsoft support agent and gained access to Outlook accounts of a small number of users.

The Redmond giant initially claimed that the email content from these accounts was not compromised, but now, Motherboard reports that the hack did compromise some emails.

Here are the details.

In context

Microsoft says Outlook hackers accessed some emails
Attack from support agent account

Attack

Attack from support agent account

In an email on April 14, Microsoft apprised affected individuals about the breach and claimed that the issue stemmed from the compromised credentials of one of its support agents.

The company said the hackers were able to access select user accounts between January 1 and March 28, 2019, but did not provide any information on the total number of users impacted from the issue.

More importantly, Microsoft said emails content not accessed

The notification from Microsoft claimed that the hackers may have accessed information like email addresses, folder names and subject lines, but emphasized that the content of the emails or attachments were not compromised.

Love Tech news?

Stay updated with the latest happenings.

Notify Me

Evidence

Then, Motherboard presented screenshots from a source

Just as the report of this breach circulated, Motherboard presented a report showing screenshot-based evidence of emails being compromised.

The screenshots showed that the hackers had access to the body of emails, prompting Microsoft to admit that 6% of the affected users had their emails compromised in the same hack.

Then, the company added that it had notified those users as well.

Here's what Microsoft said on the matter

"A small group was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support," a Microsoft spokesperson told The Verge, noting most accounts were informed about emails not being compromised.

Issue fixed, investigation underway

Fix

Issue fixed, investigation underway

Microsoft says it has blocked the perpetrator's access by disabling the credentials they had used in the first place.

The company notes that login-passwords were not breached but recommends changing passwords for an additional line of security.

It's looking into the matter but there's no word on who may have carried out the attack or how they may have used the account-related information.

Ask NewsBytes
User Image

Next Timeline