Microsoft has been compromised for months, e-mail addresses and topics, and more have been exposed

If you or someone you email to use Microsoft's webmail services, such as, you may have been involved in a data breach.

Microsoft confirmed this week at TechCrunch that the company's webmail services had been victims of a data breach. The customer data was left exposed through the compromised support agent identification information that the cybercriminals used to access the data.

Among the affected data, Microsoft noted that the following information was left exposed:

  • Email addresses
  • Email topics
  • Names of people in conversations
  • Custom folder names

Microsoft has made it known that he did not know what data had been accessed nor why, but that users could be faced with an increasing number of phishing emails or spam resulting from the breach he was giving them. therefore advise to be more vigilant when checking their e-mails.

The breach occurred over a long period of time, from January 1, 2019 to March 28, 2019. It is unclear how many people were affected, but it is said that it was one of a number "limited" people. The company confirmed that the company's users had not been affected.

Microsoft has disabled the compromised account of the support agent to prevent access to more data.

In an email sent to the affected users, Microsoft said:

Dear Customer

Microsoft is committed to providing customers with transparency. In order to maintain this trust and commitment to you, we inform you of a recent event that has affected your Microsoft managed email account.

We found that Microsoft technical support agent identification information was compromised, allowing people outside of Microsoft to access information from your Microsoft email account. This unauthorized access could have allowed unauthorized third parties to access and / or view information about your email account (such as your e-mail address, folder names, subject lines). e-mails and names of other e-mail addresses to which you communicate with), but not the contents of e-mails or attachments, between January 1 stst 2019 and 28 Marchth 2019.

As soon as he became aware of this problem, Microsoft immediately disabled the compromised credentials, forbidding their use for any other unauthorized access. Our data indicates that account information (but not e-mail content) could have been accessed, but Microsoft does not know why it was accessed or how it was used. As a result, you may receive phishing e-mails or other spam. Be careful when you receive emails from a deceptive domain name, an e-mail requesting personal information or payment, or any unsolicited request from an unreliable source (To learn more about phishing attacks, go to protection / intelligence / phishing).

It is important to note that your email login credentials have not been directly affected by this incident. However, as a precaution, you must reset your password for your account.

If you need additional help, or if you have additional questions, feel free to contact our Incident Response Team at the following address: [email protected]. If you are a citizen of the European Union, you can also contact the Microsoft Data Protection Officer at the following address:

European Delegate for Data Protection
Microsoft Ireland Operations Ltd
A Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland
[email protected]

Microsoft regrets all the inconveniences caused by this problem. Be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in investigating and resolving the problem, as well as in strengthening the systems and processes to ensure that the data is safe and secure. avoid such a recurrence.

It's a good idea to check your inbox and spam emails for an email from Microsoft. Some reports suggest that Microsoft's email eventually ends up in junk mail folders for some users.

Further reading: Microsoft,

Source link