Published: Mon, April 15, 2019
Tech | By

Hackers in Microsoft's webmail breach could read some users' messages

Hackers in Microsoft's webmail breach could read some users' messages

Microsoft recently became aware of an issue involving unauthorized access to some customers' web-based email accounts by cybercriminals. We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators' access.

In confirming the hack over the weekend, Microsoft claimed that the attackers accessed an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicated with - "but not the content of any e-mails or attachments". "In 2014, Microsoft looked into the email account of a French blogger to identify a Windows 8 leaker", highlighted the Motherboard report.

Microsoft first confirmed to Techcrunch that its email service has been compromised for months, with hackers being able to access subject lines of emails and names of people within conversations in select accounts. Paid-for, enterprise accounts were unaffected-only consumer accounts were hit.

However, responding to an article in the online Vice website Motherboard, Microsoft confirmed that some users were advised that the content of their emails may have been vulnerable to the hacker. In other words, the hackers aren't much interested in the email accounts per se; they just want to get their hands on those important reset-request emails so that they can boost the value of their stolen phones.

The company did not state how many people were affected, but said it was "a limited number of consumer accounts". The company did say that potential hackers could only read full email content for about 6% of affected Outlook users. Without providing numbers of those affected, it's known that at least some of them were in the European Union, meaning that the data breach will fall under the purview of the EU General Data Protection Regulation. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.

Like this: