Hackers get access to Hotmail, Outlook.com e-mail accounts
16 April 2019
Hackers reportedly compromised a Microsoft customer support account, exposing its credentials, and by extension customer e-mail on Microsoft web-based e-mail services like Hotmail, Outlook.com, and MSN.
TechCrunch reported over the weekend that Microsoft is sending e-mails to affected users, warning them of the issue. Presumably, those users who have not been contacted are unaffected. (Microsoft hasn’t said how many accounts were affected, nor did the company identify the specific services affected.)
At the time, Microsoft believed the attackers would only be able to read header information, such as the subject line or the address from which the e-mail was sent. On Monday, however, Motherboard reported that e-mail content was accessible as well. Microsoft then confirmed to Motherboard that a small number of users – 6%, according to Motherboard – had received e-mail notifications stating that their e-mail content had been impacted.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft representative said in an e-mail. She also confirmed that a “small group,” the 6% of the original that Motherboard cited, was notified that the bad actors could have had unauthorised access to the content of their e-mail accounts, and was provided with additional guidance and support.
According to the original e-mail sent to users, Microsoft said that the login information of individual users was not at risk; however, the company warned that attackers could send phishing e-mails or make other attempts to trick users or pry personal information away from them. Microsoft recommended that users change their passwords as a precaution.
Unfortunately, if a user was one of the small number of users whose e-mails were directly accessed, that means that any personal information communicated during the 1 January – 28 March timeframe is potentially compromised.
“Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of this issue, as well as additional hardening of systems and processes to prevent such recurrence,” Microsoft’s original e-mail stated, as reported by a user on Reddit.
If you use one of Microsoft’s affected services, consider changing your password anyway – the scope of the breach may widen. Also, dig down into your spam folder. While it’s unlikely that an e-mail of this importance was buried, it’s possible, and you’ll want to know about it.
IDG News Service