On Friday, Microsoft sent notification emails to some users to inform owners of Outlook accounts of a violation that the company had been victim of that could have also directly affected Outlook users.
According to Microsoft, between January 1, 2019 and March 29, 2019, a hacker or a group of hackers compromised the account of a Microsoft support agent, one of the technical support representatives of the company, which manages the technical complaints.
The OS manufacturer said that he had disabled the credentials of the compromised support agent once he had learned the unauthorized intrusion. However, the company said that there could be a possibility that the hacker will access the contents of the accounts of some Outlook users and viewed it.
"This unauthorized access could have allowed unauthorized third parties to access and / or view information about your email account (such as your e-mail address, folder names, phone lines, and e-mail). e-mail subject and the names of other e-mail addresses. "you communicate with), but not the contents of e-mails or attachments," Microsoft said in the e-mail sent to customers.
However, former Microsoft engineers have disputed this assertion that technical support agents can not view the user's email content.
"They can see how many emails you have, where is the database, the contents of the mail, the last person to whom you sent an email," said a former engineer. ZDNet via the encrypted chat.
ZDNet Contacted Microsoft for clarification on this statement, and we were told that the email notification was in fact accurate and that the hacker did not have access to users' email content or attachments, but did not go into details.
In additional questions asked by other Microsoft engineers, we also learned that the confusion regarding the hacker's access to a hacker depended on the hacker's account. The term "technical support agent" is used for both technical support personnel and technical support. engineers working with Microsoft's enterprise customers. These have had increased access to servers as they typically deal with more complex issues.
In the meantime, the company recommends users who have received email regarding this recent violation to change their Outlook.com credentials, "for the sake of caution", even if hackers do not have access to passwords of Outlook users.
ZDNet understands that the incident has only touched a small number of Microsoft Outlook users and that Microsoft has also increased the detection and monitoring of affected accounts, just to be sure that there is no unauthorized access to these accounts.
TechCrunch first reported and confirmed the hack earlier today.
Updated article to include more details on the different levels of access support agents.
More data breach coverage: