Hackers reportedly compromised a Microsoft Corp. support agent's credentials, allowing them to gain unauthorized access to the company's various web-based email services, including Outlook, MSN and Hotmail, for at least three months in 2019.
This breach exposed not only information pertaining to certain customers' email accounts, but also in some cases the content of the emails themselves, according to an April 14 Motherboard report that provided new details into the attack, following an initial report by TechCrunch.
Microsoft last week informed affected customers of the incident via emailed notifications, one version of which was posted on Reddit by a recipient: "We have identified that a Microsoft support agent's credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account," the message states. "This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails and the names of other email addresses you communicate with), but not the content of any emails or attachments, between January 1st 2019 and March 28th 2019."
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.