Microsoft’s email services were hacked and attackers could access email accounts (@msn.com, @hotmail.com, @outlook.com, etc.) of users of these services. Microsoft has confirmed the hack.
On Friday (04/12/2019) Microsoft sent notification emails to some users. In these mails the Outlook account holders were informed about a hack of their accounts. They report several media like Techcrunch, ZDnet and others, which were informed by readers about this hack and the Microsoft mail. Media like Techcrunch, ZDnet and others, which were informed by readers about this hack and the Microsoft mail, reported that.
According to the email Microsoft sent to affected users, malicious hackers could potentially access the email addresses of affected users, their folder names, email subject lines, and the names of other email addresses with which the user communicates. However, there was no access “to the contents of emails or attachments,” nor, it appears, to credentials such as passwords.
Microsoft confirms the hack
Microsoft has confirmed to TechCrunch that a “limited” number of users of Microsoft web email services such as @msn.com and @hotmail.com were affected by a hack. According to Microsoft, a hacker or group of hackers compromised a Microsoft support agent’s account between January 1, 2019 and March 29, 2019. It was the account of a company customer service representative handling technical complaints.
The attackers must have used the credentials of the compromised Support Agent account to access users’ mail accounts. After Microsoft noticed the hack, the compromised support agent’s credentials were disabled.
However, the company confirms the possibility that the hacker may have read access to the contents of some Outlook accounts. “We stopped this attack, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking access by the perpetrators,” a Microsoft spokesperson said in an email to Techcrunch. Enterprise customers were unlikely to be affected, Techcrunch said. Microsoft recommends that affected users change their passwords.