Outlook.com hack much worse than initially thought

Microsoft says a "limited subset of consumer accounts" were accessed via compromised credentials, but reports suggest it's much worse

outlook app on phone

A hack that Microsoft said affected "some" of its users' email accounts is much worse than initially thought, according to reports.

On Saturday, the company confirmed that some users of its email services had been targeted by hackers. But the issue is thought to be much worse than previously reported as the hackers were able to access email content from a large number of Outlook, MSN, and Hotmail email accounts.

The tech giant has been notifying Outlook.com users that the hackers were able to access their accounts for the first three months of this year after it discovered that a support agent's credentials were compromised for its webmail services. This resulted in unauthorised access to accounts between 1 January and 28 March 2019.

According to Microsoft, the hackers could have viewed account email addresses, folder names and the subject lines of emails - but not the content of the emails or any attachments.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said a Microsoft spokesperson in an email to Tech Crunch.

However, in March -  before the company publicly announced the attack - an unnamed source told Motherboard that this abuse of customer support portals allowed the hackers to gain access to any email account as long as it wasn't a corporate level one.

"We have identified that a Microsoft support agent's credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account," a Microsoft email posted on Reddit said.

It's not clear how many users have been affected by the breach, or who the hackers are, but they weren't able to steal login details or other personal information. As a cautionary measure, Microsoft is recommending that affected users reset their passwords.

"Microsoft regrets any inconvenience caused by this issue," says the security notification. "Please be assured that Microsoft takes data protection very seriously and has engaged it's internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence."

This latest security incident comes just weeks after a former security researcher pleaded guilty to hacking into Microsoft and Nintendo servers at Blackfriars Crown Court. And, Microsoft's Windows development servers were breached for a number of weeks in January 2017, allowing hackers across Europe to access pre-release versions of the OS.

Advertisement - Article continues below

Interestingly, the time frame for this latest hack means it was going on while Microsoft's Office 365 cloud-powered productivity suite suffered outages across Europe, with users reporting issues connecting to the cloud-hosted email servers back in January. 

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020