According to Microsoft, a hacker, or group of hackers, compromised the account of a Microsoft support agent between January 1, 2019 and March 29, 2019. The support representative handled technical complaints.
Microsoft sent out notification emails on Friday to some Outlook account owners alerting them of a breach the company suffered. Below is the copy of mail sent by Microsoft.
“This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments.”
Microsoft said that the hacker disabled the compromised support agent’s credentials once it acquired unauthorized intrusion; however, they also might have accessed and viewed the content of some Outlook users’ accounts.
According to a report by ZDNet, Microsoft confirmed that hackers did access the content of some user accounts and around six percent of the people received an email notification. Microsoft encouraged users to change their outlook credentials out of caution.
Microsoft in a statement to The Verge confirmed about the breach but didn’t confirm the number of accounts it affected. “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson.
Do you want a proactive assessment that identifies security risks on your network, endpoint, cloud, and mobile environments? Get a detailed report that shows if your environments are vulnerable to ransomware, zero-day threats, malware infections, browser exploit, data leakage and more.