Microsoft has confirmed that their Outlook accounts of some users has been compromised by an unknown hacker or group of hackers. Microsoft has notified the affected Outlook users and they also stated that the hackers have managed to read the contents of the email as well.
Microsoft’s Outlook hack is worse than the company originally thought it was. The hackers had access to emails for months after stealing login credentials for a Microsoft customer support agent. It is however not clear how the attackers were able to compromise Microsoft employee.
The breach allowed potential hackers to access people’s emails and read folder names, subject lines and names of other email addresses. Microsoft had disabled stolen access to the hacked customer support agent’s account.
The hacker managed to access email accounts from Outlook, MSN and Hotmail between Jan. 1 and March 28. However, the hack did not affect enterprise accounts.
The breach has affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access. Microsoft did not disclose the total number of people who were affected by the hack.
Initially, Microsoft notified that the login credentials were not stolen and that the attackers could not read the contents of emails. They had to revise this statement when they noticed that the attackers had full access to email content. They mentioned that potential hackers could only read full email content for about 6% of affected Outlook users.
Microsoft has warned all the affected people to look out for phishing emails, and recommends the users to change their password.