Microsoft has revealed that one of its support agent's credentials were compromised, enabling unauthorized parties to access information from a "limited subset" of users, including e-mail addresses, folder names, subject lines, and the names of recent recipients, between January 1 and March 28 of 2019.
It gets worse, unfortunately. In a statement issued to The Verge, Microsoft said that the unauthorized parties had access to the actual content of roughly six percent of affected email accounts, as exposed by Motherboard.
In an email to affected users shared by TechCrunch, Microsoft said it has now blocked this unauthorized access, disabled the passwords of compromised accounts, and increased detection and monitoring to further protect users. Microsoft recommends users change their passwords out of an abundance of caution.
The breach affected a "limited subset" of Microsoft-managed email accounts, including Outlook, MSN, and Hotmail email addresses. No enterprise customers are believed to be affected, according to TechCrunch.
Microsoft told affected users that it has no indication why the information was viewed or how it may have been used. The company has yet to reveal how it discovered the breach, how the support agent's credentials were compromised, or if the agent was a Microsoft employee, according to TechCrunch.