This week, Microsoft admitted that "cybercriminals" had compromised a small number of Outlook.com accounts. But the firm claims to have no idea how the accounts were compromised.
"Microsoft has recently realized a problem involving cyber criminals unauthorized access to web-based email accounts of some customers," reads Microsoft in a statement to Techcrunch. "We solved this problem by disabling the compromised credentials for the limited set of targeted accounts, while blocking the authors' access.A limited number of consumer accounts were affected and we We have informed all concerned customers, and as a precaution we have also increased detection and monitoring to better protect the affected accounts. "
Here is what we know.
The accounts were compromised in January, February and March 2019.
To access customer accounts, cybercriminals first compromised the accounts of Microsoft technical support representatives. Microsoft does not know how it happened, but has since disabled these accounts.
"Be careful when you receive emails from a deceptive domain name, an e-mail requesting personal information or payment, or any unsolicited request from a source unreliable, "reads in a Microsoft e-mail to compromised customers. The problem is, of course, that Microsoft technical support representatives usually have to trust.
Compromises include only Outlook.com consumer accounts, not commercial (business) accounts of any type.
Although this incident does not have a direct impact on email login credentials, Microsoft recommends that all affected customers reset their email password as a precaution.
Marked with security