Published on April 15th, 2019 📆 | 7233 Views ⚑0
Microsoft reveals certain Outlook.com user accounts were hacked for months
On Saturday, Microsoft confirmed to TechCrunch that their email services were hacked from January 1, 2019, till March 28, 2019. Microsoft told TechCrunch, “Certain ‘limited’ number of people who use web email services managed by Microsoft—which cover services like MSN and Hotmail—had their accounts compromised.”
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access”, a Microsoft spokesperson told in an email.
Following this, Microsoft sent out an email to all the affected users stating that hackers were potentially able to access an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail address the user communicates. However, they were not able to access the content of any e-mails or attachments or login credentials like passwords. Microsoft recommended the affected users to reset their account password.
Microsoft undersold scale and severity of breach in its initial statements, which said email content wasn’t compromised. We confirmed email content was readable and that it was abused and used for SIM swapping
According to the letter from Microsoft to affected users, the hackers got into the system by compromising a customer support agent’s credentials. Once identified, those credentials were disabled. Microsoft informed the users that it didn’t know what data was viewed by the hackers or why, but cautioned that users might, as a result, see more phishing or spam emails as a result.
“You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source”, the letter mentioned.
To know more about this news, head over to TechCrunch.
Mozilla considers blocking DarkMatter after Reuters reported its link with a secret hacking operation, Project Raven
MarioNet: A browser-based attack that allows hackers to run malicious code even if users’ exit a web page
Understanding the cost of a cybersecurity attack: The losses organizations face