Hackers piggybacked onto a Microsoft customer support portal between Jan. 1 and March 28 to gain access to the emails of noncorporate account holders on webmail services Microsoft manages, including MSN.com, Hotmail.com and Outlook.com.
Microsoft has confirmed that a “limited” number of customers who use its Web service had their accounts compromised. However, as more details have surfaced, it appears the intrusion may have been more widespread than implied.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” Microsoft spokesperson Elissa Brown told the E-Commerce Times.
Microsoft sent email notices to affected users over the weekend reporting that “bad actors” potentially had been able to access their email addresses, folder names, the subject lines of emails and the names of email addresses the user contacted.
“Out of an abundance of caution, we also increased detection and monitoring for the affected accounts,” Brown said.
The hackers could not see the content of any emails or attachments, or login credentials like passwords, according to Microsoft.
The hackers got into the system by compromising a customer support agent’s credentials, according to Microsoft’s letter to hacked account holders.
It remains unclear how many people, accounts and geographic regions were affected. Whether the support agent was a Microsoft employee or someone working for a third-party support services provider was not disclosed. Nor has Microsoft explained how the agent’s credentials were obtained or how it discovered the breach.
However, the level of information Microsoft has disclosed suggests that this breach was significant, observed Adnan Raja, vice president of marketing for Atlantic.Net.
“It’s significant because it has slowly gotten more serious,” he told the E-Commerce Times.
Microsoft acknowledged it only after it was confronted with screenshots, he pointed out.
The company still has not said how many accounts were affected, “so this suggests it is worse than what has been disclosed,” Raja maintained.
Worrisome Details Emerge
In a limited number of cases, email content including calendars, dates of birth, and login histories reportedly also were compromised, noted Steve Sanders, vice president of internal audit for CSI.
“The attack took place over almost the entire first quarter of 2019. An outside source claims this time frame may have actually been as long as six months. There are likely more details to this compromise that haven’t been released yet,” he told the E-Commerce Times.
Another factor that makes this…