Microsoft has confirmed that a group of hackers accessed MSN, Hotmail and Outlook accounts by compromising a customer support agent’s credentials. Once the issue was discovered, the company sad that it disabled the credentials
In statements made to TechCrunch, Microsoft confirmed the scale of the event to TechCrunch after reports emerged that Outlook users were being notified that cybercriminals had been able to access their accounts between January 1 and March 28 2019.
Microsoft said that these hackers potentially could have viewed account email addresses, folder names and subject lines of emails and initially claimed that the content of emails had not been compromised. However, it has since admitted a statement to Motherboard that some users had the content of their emails hacked, revealing the hack to be considerably more serious than first assumed.
Microsoft has also said that the hackers weren’t able to steal login details or other personal information, though nevertheless has advised affected users reset their password. In a security notification sent to affected users, the tech giant says it “regrets any inconvenience caused by this issue”. The company has also advised users that they may need to be extra vigilant about potential phishing emails that may masquerade as emails sent from their regular contacts.
There are still many mysteries attached to this breach. Microsoft has not confirmed how many people or accounts were hit by the breach, nor in what territories. It also has yet to confirm how the agent’s credentials were compromised and whether that agent was a Microsoft employee or a third-party worker.
Breach announcements have become a regular occurrence in the cybersecurity world, yet 2019 has seen a particular intense swell of hacks. Most notably, January 2019 saw one of the biggest reported data breaches in history which saw close to 773m unique email addresses and 21m unique passwords posted to a hacking forum.
The hack, dubbed Collection #1 by cybersecurity professional Troy Hunt who first discovered the data breach. Hunt is the founder of Have I Been Pwned, a free service aggregrates data breackes and allows people to use their email addresses to search whether they’ve ever been hit in these kinds of cyberattack.
Collection #1 fails to scoop the record for the largest breach in history however—that distinction belongs to Yahoo, now owned by Verizon, which had data from a staggering 1bn user accounts compromised in August 2013.
Microsoft district headquarters in Indianapolis. Image: jetcityimage2/Depositphotos
The post Microsoft admits hackers infiltrated Outlook, MSN and Hotmail accounts appeared first on Silicon Republic.
Source:: Silicon Republic