Hackers Have Had Access To Certain Outlook Accounts For Months, Says Microsoft
In timing that can only have been used to try and bury horrendous news, Microsoft has confirmed that a hacker was able to gain access to Outlook.com accounts over a period of months. Three of them, to be exact.
The problem apparently cropped up after someone gained access to a support agent’s credentials from January 1st 2019 through March 28th 2019. Using the compromised credentials, a third party was able to gain access to email address, folder names, and email subjects although the bodies of emails, or their attached files, were not viewable.
As you might expect, the compromised credentials have now been disabled, with Microsoft emailing users who’s accounts were compromised. No passwords were ever viewable by those who gained access, but Microsoft is advising that everyone change their password anyway. That’s pretty standard procedure when breaches like this occur, and Microsoft also notes that people ought to be extra wary of any phishing attempts right now. However, Microsoft isn’t saying how many users were impacted.
“Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source.
It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.”
If you have an Outlook.com email address but have not received any email advising you of the issue, then you’re not impacted. It might still be a good idea to change your password anyway, but we wouldn’t suggest that it’s absolutely necessary.