Just recently, we reported that some unknown hackers compromised the account of a Microsoft support agent and gained access to Outlook accounts of a small number of users.
The Redmond giant initially claimed that the email content from these accounts was not compromised, but now, Motherboard reports that the hack did compromise some emails.
Here are the details.
Attack from support agent account
In an email on April 14, Microsoft apprised affected individuals about the breach and claimed that the issue stemmed from the compromised credentials of one of its support agents.
The company said the hackers were able to access select user accounts between January 1 and March 28, 2019, but did not provide any information on the total number of users impacted from the issue.
More importantly, Microsoft said emails content not accessed
The notification from Microsoft claimed that the hackers may have accessed information like email addresses, folder names and subject lines, but emphasized that the content of the emails or attachments were not compromised.
Then, Motherboard presented screenshots from a source
Just as the report of this breach circulated, Motherboard presented a report showing screenshot-based evidence of emails being compromised.
The screenshots showed that the hackers had access to the body of emails, prompting Microsoft to admit that 6% of the affected users had their emails compromised in the same hack.
Then, the company added that it had notified those users as well.
Here's what Microsoft said on the matter
"A small group was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support," a Microsoft spokesperson told The Verge, noting most accounts were informed about emails not being compromised.
Issue fixed, investigation underway
Microsoft says it has blocked the perpetrator's access by disabling the credentials they had used in the first place.
The company notes that login-passwords were not breached but recommends changing passwords for an additional line of security.
It's looking into the matter but there's no word on who may have carried out the attack or how they may have used the account-related information.