[ad_1]
Microsoft admitted that its security breach in Outlook.com was worse than the one originally disclosed by the company. The software maker started to warn some Outlook.com users on Friday night that a hacker had been able to access accounts for months earlier this year. Microsoft's notification revealed that hackers may have accessed account email addresses, folder names, and e-mail subject lines, but in a separate notification to other affected users, the company also admitted that the contents of the e-mails could have been consulted.
Vice's motherboard revealed Sunday that Microsoft had sent a different notification message to about 6% of the affected Outlook.com accounts, and that the company had only admitted it when it had been shown a screenshot showing that the violation was much worse for those customers. Microsoft discovered that the credentials of a support agent were compromised for its webmail service, which allowed unauthorized access to certain accounts between January 1 and March 28, 2019.
Hackers were able to access certain accounts for six months and used this access to reset iCloud accounts related to stolen iPhones. A spokesman for Microsoft tells The edge "The 6-month complaint is inaccurate," and pointed to the company's notification mentioning access between January 1 and March 28, 2019. Microsoft also clarified that the vast majority of Outlook.com accounts involved had received the notification The edge published over the weekend.
"Our notification to the majority of affected people indicated that bad actors would not have had unauthorized access to the contents of emails or attachments," said a spokesman for Microsoft in a statement to The edge. "A small group (about 6% of the initial subset, already limited of consumers) was informed that the bad actors could have had unauthorized access to the contents of their email accounts and received additional advice and support.
Microsoft still refuses to reveal how many accounts have been affected.
[ad_2]
Source link