Microsoft support agent's email hacked, customer emails compromised

Gerald Bowen
April 16, 2019

The compromise lasted from Jan 1.to March 28., with Microsoft disabling the compromised credentials as soon as it became aware of the situation.

In confirming the hack over the weekend, Microsoft claimed that the attackers accessed an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicated with - "but not the content of any e-mails or attachments". A source described the attack before Microsoft released its statement, and then provided screenshots to prove it. Microsoft then confirmed to Motherboard that some email content had been accessed.

The Redmond software giant has sent Hotmail, MSN, and Outlook cloud users notifications that the unnamed customer support rep's account was compromised by hackers who would have subsequently gained "limited access" to certain parts of some customer email accounts, including the ability to read messages in particular cases.

"Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access", the company said.

Global measles cases up 300 percent year-on-year
Before the development of the measles vaccine in the 1960s, the USA recorded almost a half million cases each year, the CDC says. However, the claim spread fear among parents, leading to a small but vocal faction that makes up the current anti-vax movement.

Zidane tells Real Madrid: Ronaldo is GONE. Move on
But Karim Benzema levelled at the second attempt, scoring the rebound after Ivan Cuellar had palmed his shot. Playing 10 or 15 minutes is hard for those who come into the game, it was the same with Lucas [Vazquez].

Potential for T-storms, heavy rain, strong winds today: National Weather Service
Homes were damaged about 250 miles (402 kilometers) to the north in Glencoe, and there's scattered damage south of Birmingham. Multiple people were injured and several homes were damaged in Hamilton, Mississippi, said Monroe County Coroner Alan Gurley.

Founded in 1996, Outlook.com is a web-based suite of webmail, contacts, tasks, and calendaring services developed and offered by Microsoft.

The firm warned in its e-mail that users might receive more spam and phishing e-mails as a result of the incident, and urged users not to click on links from e-mail addresses they did not recognise.

Despite Microsoft's initial notification to affected Outlook users on Friday, a follow-up statement added that hackers were able to read email content. Although Microsoft says that login details and personal information couldn't have been stolen through this particular approach, the company is advising you mix up your password anyway for the hell of it, too. Out of an abundance of caution, however, customers whose inboxes were left exposed to the intruder will be getting additional "detection and monitoring" on their email accounts.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER