Hackers broke into Outlook.com using worker’s credentials, Microsoft says

Hackers compromised Microsoft’s web-based email services, including Outlook.com accounts and MSN and Hotmail addresses, for months by using a customer support agent’s credentials.

In an email sent to affected users, Microsoft said that the hackers were possibly able to access email addresses, subject lines of emails, folder labels, and the names of other email addresses that the user contacted. Fortunately, the content of emails, including attachments, was not compromised, nor were login credentials such as passwords.

The hackers were able to carry out the security breach, which happened from January 1 to March 28, by compromising the credentials of a customer support agent. Microsoft has identified the credentials that the hackers used and disabled them.

Microsoft warned that affected users may receive more spam emails, and may be on the receiving end of phishing attempts. Affected users should stay vigilant against such attacks, and are still advised to change their passwords even if the contents of their emails were not compromised because hackers may be able to use the addresses for identity theft purposes.

It is unclear how many users were hit by the data breach, and who the hackers behind the attack are. It appears that at least some of the affected accounts are from the European Union, as Microsoft is offering the contact information for the EU’s data protection officer.

“Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence,” Microsoft said in the letter.

The attack on Microsoft webmail services follows a much bigger data breach that was discovered in January. Troy Hunt, the security researcher behind Have I Been Pwned, found what is now known as Collection No. 1. The assemblage of data contained more than 773 million records, including more than 21 million unique passwords, across 12 separate folders, with a total size of 87GB.

It might not be as bad as Collection No. 1, but people with Microsoft web-based email accounts should still follow the recommendation and change their password, just to be safe.

Aaron Mamiit