Wednesday, 19 June, 2019

Microsoft Support Breach Gets Ugly, Hackers Could Read Outlook, MSN, Hotmail Emails

The breach occurred between January and March this year Microsoft support agent's email hacked, customer emails compromised
Cecil Davis | 16 April, 2019, 08:29

Microsoft found out that the hack was done by accessing a customer support account.

Microsoft clarified that this "affected a limited subset of consumer accounts" and that the malicious activity began at the start of January 2019 and ran through to nearly the end of March, so essentially lasted three months.

According to an e-mail sent to the majority of affected users and then posted online, the firm said a Microsoft support agent's credentials were compromised, potentially allowing unauthorised access to some account information.

Having already publicly confirmed the initial details of the hack, Microsoft has now said to Motherboard that the hackers were "able to access email content from a large number of Outlook, MSN, and Hotmail email accounts". Because of that, an European Union investigation is likely to follow into whether Microsoft complied with the regulation and whether it did its best to prevent the hack. The hack did not affect enterprise accounts, it added.

Despite the perpetrators not gaining access to account passwords, Microsoft is still recommending that if you've been affected, you should change your password just as a precautionary measure.

Donald Trump says Tiger Woods to get Presidential Medal of Freedom
Woods now has 15 major championship wins to his name and is three away from equalling the all-time record of 18 - set by Nicklaus. The pro-golfer and Trump have known each other for over two decades and occasionally play golf together .

While the aforementioned leaked notification claims the hackers would not have been able to read the content of messages, Microsoft would later admit - after media reports over the weekend - that the intruders could have accessed the contents of messages belonging to a subset of those impacted by the admin account hijacking.

Microsoft did not respond to multiple requests for additional comment. If true, businesses need not worry about sensitive information being leaked, though it comes as little consolation to non-paid users who trusted Microsoft not to bungle their email.

Founded in 1996, Outlook.com is a web-based suite of webmail, contacts, tasks, and calendaring services developed and offered by Microsoft.

Motherboard's source has provided screenshots proving the email contents were, in some instances, accessed.