Microsoft has confirmed that hackers can access their clients' webmail accounts for three months at the beginning of the year. Between January 1 and March 28, unknown hackers attacked the accounts of various Microsoft messaging services.
The company is currently sending notifications to those affected by the issue and recommending users to change their account passwords.
Microsoft says a "limited subset" of consumer accounts has been affected and hackers have now been arrested. The attack affected e-mail addresses @ msn.com, @ hotmail.com and @ outlook.com, but Microsoft would like to point out that even if hackers could access e-mail addresses, folder names, and objects, the contents of e-mails – including attachments – have not been accessed.
TechCrunch shares an email sent to users by Microsoft:
Microsoft is committed to providing customers with transparency. In order to maintain this trust and commitment to you, we inform you of a recent event that has affected your Microsoft managed email account.
We found that Microsoft technical support agent identification information was compromised, allowing people outside of Microsoft to access information from your Microsoft email account. This unauthorized access could have allowed unauthorized third parties to access and / or view information about your email account (such as your e-mail address, folder names, subject lines). e-mails and the names of other e-mail addresses to which you communicate with), but not the contents of e-mails or attachments, between January 1, 2019 and March 28, 2019.
As soon as he became aware of this problem, Microsoft immediately disabled the compromised credentials, forbidding their use for any other unauthorized access. Our data indicates that account information (but not e-mail content) could have been accessed, but Microsoft does not know why it was accessed or how it was used. As a result, you may receive phishing e-mails or other spam. Be careful when you receive emails from a deceptive domain name, an e-mail requesting personal information or payment, or any unsolicited request from an unreliable source (To learn more about phishing attacks, go to https://docs.microsoft.com/en-us/windows/security/threat- protection / intelligence / phishing).
It is important to note that your email login credentials have not been directly affected by this incident. However, as a precaution, you must reset your password for your account.
Microsoft has not specified the number of accounts affected by the incident, nor indicated who could be responsible for it. In addition to e-mail sent to customers, the only additional comment from Microsoft is a statement in which it says: "We treated this scheme, which affected a limited subset of consumer accounts, by disabling the information from Microsoft. compromised identification and blocking authors' access ".
Image credit: hafakot / Shutterstock