Thursday, 18 April 2019
Latest news
Main » Microsoft email breach gave hackers access to account information for months

Microsoft email breach gave hackers access to account information for months

16 April 2019
Microsoft email breach gave hackers access to account information for months

When shown the screenshot, Microsoft apparently confirmed that hackers did in fact gain access to the actual contents of emails, though not everyone's.

Microsoft clarified that this "affected a limited subset of consumer accounts" and that the malicious activity began at the start of January 2019 and ran through to nearly the end of March, so essentially lasted three months.

"You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source", Microsoft told affected customers via email.

In confirming the hack over the weekend, Microsoft claimed that the attackers accessed an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicated with - "but not the content of any e-mails or attachments".

Even if only a small number of users had their email contents breached, not being totally honest about the situation won't have done Microsoft any PR favors, and could see customers question any future statements from the company.

As of now, it remains undisclosed exactly how many users were affected by the breach.

"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators access", a Microsoft spokesperson said.

The company said it was providing additional guidance and support to those users.

The firm warned in its e-mail that users might receive more spam and phishing e-mails as a result of the incident, and urged users not to click on links from e-mail addresses they did not recognise.

The source confirms that hackers were able to read the contents of emails, saying the access was used as part of a scam to unlock iPhones which had been stolen. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.