Published: Mon, April 15, 2019
IT | By Lester Massey

Microsoft reveals Outlook hackers were able to gain access to private emails

Microsoft reveals Outlook hackers were able to gain access to private emails

Although the source claims this went on for at least six months, Microsoft says the hackers had access from January 1st to March 28th. A limited number of consumer accounts were impacted, and we have notified all impacted customers.

A hacker or group of hackers gained access to a customer support account for Microsoft, from which they then got access to information on customer accounts, including whom they communicated with.

There's some bad news for users, as it's emerged that the webmail service has been compromised and some folks have had their accounts hacked, with the perpetrators even able to read emails in a limited number of cases - despite Microsoft's initial denial that email content was viewable.

The company told affected users in an email that "the content of any emails or attachments" were not accessed in the breach earlier this year, and that it "immediately disabled the compromised credentials" once it became aware of the issue.

Microsoft was forced to revise its statement after Motherboard found that the attackers had full access to email content.

The support account would also have only had access to free accounts, and not to paid Office 365 email.

The source confirms that hackers were able to read the contents of emails, saying the access was used as part of a scam to unlock iPhones which had been stolen. "Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence".

Now Motherboard report that the attack was actually much worse than Microsoft admitted, with a source able to offer them evidence such as screenshots which pre-dates Microsoft's confirmation.

The company added that although password information had not been affected, it encouraged users to change their log-in details "out of caution".

Like this: