Microsoft has confirmed that hackers were able to access customers' web-based email accounts for three months at the beginning of the year. Between January 1 and March 28, unknown hackers reached the accounts of various Microsoft e-mail services.
The company is currently sending notifications to those affected by the issue and recommending that users change their account passwords.
Microsoft says a "limited subset" of the consumer account was affected and the hackers were now stopped. The attack affected the email addresses of @ msn.com, @ hotmail.com and @ outlook.com. However, Microsoft stresses that hackers may have been able to access emails, folder names, and email subject lines for email content, including attachments.
TechCrunch shares an e-mail with Microsoft users:
Microsoft is committed to providing transparency to our customers. To maintain this trust and commitment to you, we'll keep you informed of a recent event that has affected your Microsoft-managed email account.
We've found that the credentials of a Microsoft Support Agent have been compromised, so people outside Microsoft can access information in your Microsoft email account. This unauthorized access may give unauthorized persons access to and / or information about your email account (such as your email address, folder names, subject lines of emails, and the names of other emails Addresses), but not the content of emails or attachments between January 1, 2019 and March 28, 2019.
Knowing this issue, Microsoft immediately disabled the violated credentials and prohibited their use for any further unauthorized access. Our data indicates that account-related information (but not the content of emails) may have been displayed. However, Microsoft has no clues as to why this information was displayed or how it was used. As a result, you may receive phishing emails or other spam. You should be careful when receiving email from misleading domain names, emails requesting personal information or payments, or unsolicited requests from an untrusted source (for more information on phishing attacks, see https: // docs. microsoft.com/de-de/windows/security/threat-protection/intelligence/phishing).
Note that your email credentials were not directly affected by this incident. As a precaution, however, you should reset your password for your account.
Microsoft did not specify how many accounts were affected by the incident, nor did it give any indication of who was possibly responsible. Aside from the email sent to customers, the only other comment from Microsoft is a statement that states, "We addressed this scheme, which affected a limited number of consumer accounts by disabling the credentials involved and the perpetrators' access has been blocked ".
Image credit: Hafakot / Shutterstock