Microsoft has confirmed a breach affecting a ‘limited’ number of people using its web email services. Affected email services include Outlook, MSN, and Hotmail email accounts. The breach ran for three months, between January 1st and March 28th this year.
Microsoft has not revealed how many people were hit or where they are located. According to TechCrunch, some affected users were located in the European Union.
A group of hackers was able to conduct the attack by compromising the account of a Microsoft support agent. This agent handles customer support representatives who handle technical complaints. The attackers potentially had access to users’ email addresses, folder names, subject lines of emails, and the email addresses of users the victim contacts. They did not have access to any emails, attachments, or credentials like passwords. The company is unsure what data was accessed by the attackers; however, it has confirmed that around six percent of users had their content accessed. Further, email users’ calendars and birth dates were readily available for hackers to grab.
Since the discovery of the breach, Microsoft has disabled the credentials of the support agent. Additionally, Microsoft has notified affected users in an email saying:
“We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments”
Microsoft is recommending that affected users change their passwords. As a precaution, Microsoft has increased monitoring and detection for all affected accounts. The company is also warning users to be wary of any emails they receive from unknown senders. Affected users are at higher risk of being targeted in phishing or spam emails.