PSA: Microsoft Outlook Breach Worse Than Expected, Hackers Could Read Emails of 6% of Affected Users

Microsoft has revealed that the credentials of one of its support agents were compromised, enabling unauthorized parties to access information from a "limited subset" of users, including e-mail addresses, folder names, subject lines, and the names of recent recipients, between January 1 and March 28 of 2019.


It gets worse, unfortunately. In a statement issued to The Verge, Microsoft said that the unauthorized parties had access to the actual content of roughly six percent of affected email accounts, as exposed by Motherboard.

In an email to affected users shared by TechCrunch, Microsoft said it has now blocked this unauthorized access, disabled the passwords of compromised accounts, and increased detection and monitoring to further protect users. Microsoft recommends users change their passwords out of an abundance of caution.

The breach affected a "limited subset" of Microsoft-managed email accounts, including Outlook, MSN, and Hotmail email addresses. No enterprise customers are believed to be affected, according to TechCrunch.

Microsoft told affected users that it has no indication why the information was viewed or how it may have been used. The company has yet to reveal how it discovered the breach, how the support agent's credentials were compromised, or whether the agent was a Microsoft employee, according to TechCrunch.



Top Rated Comments

2 weeks ago

High time for an "internet reboot" 2.0


It's high time for companies to be held accountable for breaches in a severe monetary fashion.

The only way they are going to get better at security, or take security seriously, is if it affects their bottom line in a big way if they don't.
Rating: 7 Votes
2 weeks ago

Good thing nobody uses Outlook.com for anything serious, lol.


I like outlook.com WAY more than gmail. Just because you don't, so that means no one uses outlook.com :rolleyes:
Rating: 4 Votes
2 weeks ago
Yet another huge company gets hacked and loses customer data. Is there no accountability anywhere now?
Rating: 4 Votes
2 weeks ago

It was a joke about how few people use it. BTW I don't use Gmail.

:rolleyes: Thousands of companies use it. Including the company I work for with 25,000 users. But yeah, few people use it.
Rating: 2 Votes
2 weeks ago
And this is why I always say - never write anything down that you wouldn't want everyone to know. I'm sure the hackers will sell the email content to someone who will blackmail the victims.
Rating: 2 Votes
2 weeks ago
High time for an "internet reboot" 2.0
Rating: 2 Votes
2 weeks ago

It's high time for companies to be held accountable for breaches in a severe monetary fashion.

The only way they are going to get better at security, or take security seriously, is if it affects their bottom line in a big way if they don't.


That won't be sufficient, an "internet reboot" 2.0 would be much better.

For instance, your private information stays on your device, end to end full encryption mandatory for the whole internet.
Keys are in your possession, not anywhere else.
Standard opt-out for everything.
Rating: 1 Votes
1 week ago
Since when has M$ ever been known for quality software and robust security that this is a surprise to anyone?
Rating: 1 Votes
2 weeks ago

And this is why I always say - never write anything down that you wouldn't want everyone to know. I'm sure the hackers will sell the email content to someone who will blackmail the victims.


These breaches are typically not about finding users to blackmail. These are typically done to gain access to one's credentials or learn about users for informed phishing attempts.
Rating: 1 Votes
2 weeks ago

I am pretty sure I am one of the affected users, I could see weird stuff last month with my email, I even received a notification of an app permission granted, something I don’t even use.


Because missing from the story per other news outlets is that the hacker hacked the MS EMPLOYEE, a help agent or something like that, who would have access to review email issues. I guess a support agent type thing? (they aren't specific regarding their position) Since only limited data was viewed and not the full email content.

So it wouldn't have looked like anything was wrong.

To be fair no mail servers were hacked here or anything, the employee was. Or just straight careless with their login, we don't know that part; that is why I'm not quite ready to hang Microsoft for this.
Rating: 1 Votes