Outlook.com accounts breached for months as Microsoft issues notifications to affected accounts


A hacker has been accessing some Outlook.com accounts for months earlier this year. Microsoft just started sending out notifications to customers with potentially compromised accounts (via TheVerge). The software giant discovered that a web mail service support agent’s credentials were compromised allowing unauthorized access to some accounts between January 1st and March 28th, 2019. Microsoft says the hackers could have viewed account email addresses, folder names, and subject lines of emails, but not the content of emails or attachments.

Microsoft has not indicated how many users have been affected by the breach, or who was involved in obtaining access to Outlook.com email accounts.

 “Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” says Microsoft in an email to affected users.

Microsoft had a similar attack back in 2017 when Windows development servers were breached for a number of weeks in January of the same year. The breach allowed hackers across Europe to access pre-release versions of Windows. The hackers weren’t able to steal login details or other personal information.

Microsoft issuing the notification is out of caution as they are recommending that affected users reset their passwords. 

“Microsoft regrets any inconvenience caused by this issue,” says the security notification. “Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”