Microsoft reveals breach left some accounts exposed

Joanna Estrada
April 15, 2019

While the data breach is now contained, Microsoft still has to take some measures to stop itself from becoming the next Facebook!

In an email being sent to affected users, Microsoft claims that apart from the content of the emails including attachments, the hackers could have possibly viewed account email addresses, folder names and subject lines of the mails sent and received, The Verge reported on Saturday.

San Francisco: Microsoft has alerted some of its mail users of possible hacker attacks that could access their email accounts illegally, media reports said.

According to Microsoft, between January 1, 2019, and March 29, 2019, a hacker, or group of hackers, compromised the account of a Microsoft support agent, one of the company's customer support representatives that handles technical complaints.

Microsoft noted that it doesn't know which data has been viewed, or the reasons why, but that users may experience increasing phishing or spam emails as a result of the breach, therefore, it advises users to be more vigilant when checking their emails.

In follow-up questions with other Microsoft engineers, we were also told that the confusion about what the hacker might have accessed depends on whose account the hacker accessed, as the term "support agent" is used for both tech support staff, but also for engineers working with Microsoft's enterprise customers. The report mentions that Microsoft has not revealed the actual number of people affected by the breach. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.

Still, Microsoft is strongly suggesting that affected users change their passwords anyway as a security precaution.

In addition to the email sent to customers, Microsoft's only further comment is a statement in which it says: " We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access".

It is important to note that your email login credentials were not directly impacted by this incident.

Other reports by Click Lancashire

Discuss This Article