PSA: Microsoft Outlook Breach Worse Than Expected, Hackers Could Read Emails of 6% of Affected Users

Microsoft has revealed that one of its support agent's credentials were compromised, enabling unauthorized parties to access information from a "limited subset" of users, including e-mail addresses, folder names, subject lines, and the names of recent recipients, between January 1 and March 28 of 2019.

It gets worse, unfortunately. In a statement issued to The Verge, Microsoft said that the unauthorized parties had access to the actual content of roughly six percent of affected email accounts, as exposed by Motherboard.

In an email to affected users shared by TechCrunch, Microsoft said it has now blocked this unauthorized access, disabled the passwords of compromised accounts, and increased detection and monitoring to further protect users. Microsoft recommends users change their passwords out of an abundance of caution.

The breach affected a "limited subset" of Microsoft-managed email accounts, including Outlook, MSN, and Hotmail email addresses. No enterprise customers are believed to be affected, according to TechCrunch.

Microsoft told affected users that it has no indication why the information was viewed or how it may have been used. The company has yet to reveal how it discovered the breach, how the support agent's credentials were compromised, or if the agent was a Microsoft employee, according to TechCrunch.

Tags: Microsoft, Microsoft Outlook

Top Rated Comments

(View all)

nouveau_redneck

18 weeks ago

High time for a "internet reboot" 2.0

It's high time for companies to be held accountable for breeches in a severe monetary fashion.

The only way they are going to get better at security, or take security seriously, is if it affects their bottom line in a big way if they don't.

Rating: 7 Votes

Mr. Heckles

18 weeks ago

Good thing nobody uses Outlook.com for anything serious, lol.

I like outlook.com WAY more than gmail. Just because you don't, so that means no one uses outlook.com :rolleyes:

Rating: 4 Votes

JetTester

18 weeks ago

Yet another huge company gets hacked and loses customer data. Is there no accountability anywhere now?

Rating: 4 Votes

NachoGrande

18 weeks ago

It was a joke about how few people use it. BTW I don't use Gmail.

:rolleyes: thousands of companies use it. Including the company I work for with 25,000 users. but yeah few people use it.

Rating: 2 Votes

ArtOfWarfare

18 weeks ago

And this is why I always say - never write anything down that you wouldn't want everyone to know. I'm sure the hackers will sell the email content to someone who will blackmail the victims.

Rating: 2 Votes

justperry

18 weeks ago

High time for a "internet reboot" 2.0

Rating: 2 Votes

justperry

18 weeks ago

That won't be sufficient, a "internet reboot" 2.0 would be much better.

For instance, your private information stays on your device, end to end full encryption mandatory for the whole internet.
Keys are in your possession, not anywhere else.
Standard opt-out for everything.

Rating: 1 Votes

elvisimprsntr

18 weeks ago

Since when has M$ ever been known for quality software and robust security that this is a surprise to anyone?

Rating: 1 Votes

nouveau_redneck

18 weeks ago

And this is why I always say - never write anything down that you wouldn't want everyone to know. I'm sure the hackers will sell the email content to someone who will blackmail the victims.

These breeches are typically not about finding users to blackmail. These are typically done to gain access to ones credentials or learn about users for informed phishing attempts.

Rating: 1 Votes

jk1211

18 weeks ago

I am pretty sure I am one of the affected users, I could see weird stuffs last month with my email, I even received a notification of an app permission granted, something I don’t even use.

Because missing from the story per other news outlets is that the hacker hacked the MS EMPLOYEE, a help agent or something like that, who would have access to review email issues. I guess a support agent type thing? (the arent specific regarding their position) Since only limited data was viewed and not the full email content.

So it wouldn't have looked like anything was wrong.

To be fair no mail servers were hacked here or anything, the employee was. Or just straight careless with their login, we dont know that part; that is why Im not quite ready to hang Microsoft for this

Rating: 1 Votes

[ Read All Comments ]

Guides

Upcoming

Front Page Stories

• Apple 'Aggressively Testing' OLED Displays From China's BOE for 2020 iPhone Lineup (56)

• Apple Delaying Plans to Limit Third-Party Tracking in Kids Apps (34)

• Apple TV+ May Support Downloads for Offline Viewing, Limit Simultaneous Streams (84)

• Apple's Refurbished Store Now Offering 2019 13 and 15-Inch MacBook Pro Models (66)

• Apple Arcade Games Leaked in Hands-On Video Ahead of Fall Launch (106)

• Apple's Health Team Reportedly Facing Disagreements Over Direction, Leading to Some 'High-Profile Departures' (62)

• Apple Card Extending 3% Daily Cash to More Merchants, Starting With Uber and Uber Eats (210)

PSA: Microsoft Outlook Breach Worse Than Expected, Hackers Could Read Emails of 6% of Affected Users

Top Rated Comments

Guides

Upcoming

Front Page Stories

Apple Shares Details on Cleaning and Protecting Your Apple Card in New Support Document

Chicago Tribune Claims iPhone Radiofrequency Radiation Levels Measured Higher Than Legal Safety Limit in Tests

Samsung Created a Bunch of Pro-Green Bubble GIFs to Get Back at iPhone Users Who Prefer Blue Chat Bubbles

Apple Seeds Eighth Betas of iOS 13 and iPadOS to Developers [Update: Public Beta Available]

Case Maker Expecting Smaller Apple Pencil for Upcoming 2019 iPhones

Apple Files Several Unreleased Apple Watch and iPhone Models in Eurasian Database

2019 iPhones Said to Feature Larger Batteries Up to 3,500 mAh, Next iPhone XS May Have Dual Nano-SIM in China

Second Rumor Claims 2019 iPhones Will Come With USB-C Chargers

Our Staff

Links

Touch Arcade

YouTube