Outlook.com hack much worse than initially thought

Microsoft says a "limited subset of consumer accounts" were accessed via compromised credentials, but reports suggest it's much worse

outlook app on phone

A hack that Microsoft said affected "some" of its users' email accounts is much worse than initially thought, according to reports.

On Saturday, the company confirmed that some users of its email services had been targeted by hackers. But the issue is thought to be much worse than previously reported as the hackers were able to access email content from a large number of Outlook, MSN, and Hotmail email accounts.

Advertisement - Article continues below

The tech giant has been notifying Outlook.com users that the hackers were able to access their accounts for the first three months of this year after it discovered that a support agent's credentials were compromised for its webmail services. This resulted in unauthorised access to accounts between 1 January and 28 March 2019.

According to Microsoft, the hackers could have viewed account email addresses, folder names and the subject lines of emails - but not the content of the emails or any attachments.

"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said a Microsoft spokesperson in an email to Tech Crunch.

However, in March -  before the company publicly announced the attack - an unnamed source told Motherboard that this abuse of customer support portals allowed the hackers to gain access to any email account as long as it wasn't a corporate level one.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We have identified that a Microsoft support agent's credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account," a Microsoft email posted on Reddit said.

It's not clear how many users have been affected by the breach, or who the hackers are, but they weren't able to steal login details or other personal information. As a cautionary measure, Microsoft is recommending that affected users reset their passwords.

"Microsoft regrets any inconvenience caused by this issue," says the security notification. "Please be assured that Microsoft takes data protection very seriously and has engaged it's internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence."

This latest security incident comes just weeks after a former security researcher pleaded guilty to hacking into Microsoft and Nintendo servers at Blackfriars Crown Court. And, Microsoft's Windows development servers were breached for a number of weeks in January 2017, allowing hackers across Europe to access pre-release versions of the OS.

Interestingly, the time frame for this latest hack means it was going on while Microsoft's Office 365 cloud-powered productivity suite suffered outages across Europe, with users reporting issues connecting to the cloud-hosted email servers back in January. 

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020