Microsoft Outlook breach impacts MSN an Hotmail
A recently disclosed Microsoft email platform breach is much worse than previously thought. It now impacts a large number of Outlook accounts as well as MSN and Hotmail email accounts. Outlook users reported receiving notifications from Microsoft on Friday. The notification warned of a data breach affecting accounts between Jan. 1 and March 28, but said that the breach only impacted accounts, and that the content of emails and any attachments were not exposed. According to a Motherboard report, the hackers were able to access email content, and that the breach affected a large number of Outlook, MSN and Hotmail email accounts.
According toMotherboard, Microsoft confirmed that hackers gained access to email contact for about 6 percent of non-corporate users. A Microsoft spokesperson said that the have addressed this by disabling the compromised credentials and blocked the perpetrators' access. Microsoft said it notified the majority of those impacted that hackers would not have had unauthorized access to the content of e-mails or attachments. But it said that it notified a small group, representing around 6 percent of the impacted customers, that the hackers may have had unauthorized access to the content of their email accounts.
Microsoft said that the breach first occurred after a Microsoft support agent's credentials were compromised, enabling individuals outside Microsoft to access the victims' email. Hackers then gained unauthorized access to email account related information including email addresses, folder names, email subject lines and recipient email addresses. "Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access," Microsoft said. "Our data indicates that account-related information (but not the content of any emails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used."
Microsoft Outlook have been troubled by vulnerabilities over the past year, including a patched bug that allowed attackers to steal victims' Windows account password and a remote code-execution vulnerability that could give hackers control if they are logged into their Windows PC with administrator user rights. Microsoft said that as a result of the breach, customers may received phishing emails or other spam mail.
You should be careful when receiving any emails from any misleading domain name, any email that requests personal information or payment, or any unsolicited request from an untrusted source. As a precaution, all Outlook users should change their passwords and secret questions, as well as passwords for any other accounts that sent, or could have sent, a password recovery link to their Outlook email.