Microsoft confirmed over the weekend that a number of Outlook email accounts had been compromised, yet it now appears that the security breach was much worse than originally revealed.
On the 12th of April 2019, Microsoft began notifying Outlook users that a security breach had occurred, in which hackers were able to access account email addresses, folder names and email subject lines for months earlier in the year. However, Microsoft has since revealed in a notification sent to around 6% of users of these platforms that email contents could also have been viewed by hackers.
Microsoft has confirmed to TechCrunch that a hacker (or group of hackers) gained access by first breaking into a Microsoft customer support account, and then using it to obtain information related to customers' email accounts. The hackers were able to gain access to any email account, apart from corporate-level accounts. This means that whilst enterprise accounts were not affected by the breach, personal accounts were.
Microsoft claims that as soon as the breach was identified, the compromised customer support account was immediately disabled. However, according to a source, Microsoft did not notice the attack until the end of March, at which point the hackers would have had access for at least six months.
Microsoft has gone on to dispute this claim, arguing that the breach only occurred between the 1st of January and the 28th of March. While this time frame suggests the breach only lasted three months, this is still a very serious attack, especially considering the hackers had access to personal email content.
Microsoft has since released a statement warning those affected by the hack to watch out for 'spear phishing' emails. With the amount of information compromised by the attack, it is likely that phishing emails will be much harder than usual to identify. Microsoft has also suggested that users update their passwords.
Were you affected by the Outlook.com security breach? Let us know in the comments below or Tweet us at @Hyve!