It appears that Microsoft were the victims of a big hack on their Outlook.com service earlier this year that saw many of its customers’ accounts severely compromised. The software company started notifying some Outlook.com users over this past weekend that a hacker was able to access accounts for months, earlier this year. Microsoft’s notification revealed that hackers could have viewed account email addresses, folder names, and subject lines of emails, but in a separate notification to other affected users the company also admitted email contents could have been viewed.
The notification was only sent out to around 6% of Outlooks users that were affected by the security breach after Microsoft discovered that a support agent’s credentials were compromised for its webmail service, allowing unauthorised access to some accounts between January 1st and March 28th, 2019. It’s worth noting though that there is no confirmation that anything malicious has occurred and Microsoft reiterates that the message is merely just a word of caution that credentials could be compromised. It’s not clear exactly how the 6% tie into the compromised user accounts or why.
The company did provide an official statement to The Verge, clarifying the security breach further as well:
Our notification to the majority of those impacted noted that bad actors would not have had unauthorized access to the content of e-mails or attachments. A small group (~6 percent of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support.
Microsoft also offers several two-factor authentication methods with their emails, and you would think support agents shouldn’t have access to people emails without some form of authentication from users in place. It is a concern that the company claims was rectified though it is still alarming nonetheless.
Exactly how many email accounts they have is unclear, but 6% is a very large number. Many private people have moved on to rather use Gmail than the former Hotmail.com service that Outlook.com replaces, but Microsoft’s email client is still popular with many, especially due to its Office 365 integrations and so the breach was potentially quite massive.
Last Updated: April 16, 2019
Admiral Chief Hype Train
April 16, 2019 at 14:28
The fail is strong here