If you are using a Microsoft Outlook account then your account might have received an email from the company. This email is to inform you that there is a possibility of your account being accessed by attackers. Yes, the company has revealed that there was a breach on Outlook.com due to which an attacker could have seen your emails.
However, the company says that the information available to attackers was limited. Microsoft says that the attackers were able to see only the subject line of emails but not the content. Also, some account-related information was also visible to the attacker though.
Microsoft says some Outlook.com accounts were compromised
Revealing more about the breach, Microsoft informed that the said access was possible between January 1st to March 28, 2019. Therefore, it is most likely that the attackers were able to see your account information for the past three months. The company also explains how this breach took place and how they knew about it. Well, it must be noted that there was no bug or exploit found on Outlook.com.
Rather, this was just a case of stolen account credentials of one of Outlook’s support agent. You would know that a support agent has access to most of the accounts on that platform. Therefore, the attacker was able to get information about Outlook accounts from that support agent’s credentials.
However, it is surprising that Microsoft was not able to know about this much earlier.
In a letter to Outlook.com users, Microsoft says that
Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.
The account-related information, according to Microsoft, includes email addresses, folder names and subject lines of emails. But it is not possible that the attacker would have gained access to or opened the emails, claims Microsoft.
Also, the company reassures that the attacker has not stolen any login details or personal information from the compromised accounts. Though, the company recommends its users to change their credentials at the earliest just to be safe.
Microsoft claims that breached account’s credentials were blocked so that access to the account was no longer possible. Microsoft has not revealed exactly how many accounts might have been possibly accessed without permission.
How did you are getting this much secret information? Thanks for it.
Wow! That took some time for them to discover. I wonder how it ranked against the GDPR requirement of having to report it on time