Geek Dashboard

How-To's, Smartphones, News and Reviews

You are at Home » News

Few Outlook Accounts Were Accessed by Attackers for Several Months, Says Microsoft

Last Updated on by 2 Comments

If you are using a Microsoft Outlook account then your account might have received an email from the company. This email is to inform you that there is a possibility of your account being accessed by attackers. Yes, the company has revealed that there was a breach on Outlook.com due to which an attacker could have seen your emails.

However, the company says that the information available to attackers was limited. Microsoft says that the attackers were able to see only the subject line of emails but not the content. Also, some account-related information was also visible to the attacker though.

Also Read: How to Send and Receive Encrypted Emails 

Microsoft says some Outlook.com accounts were compromised

Revealing more about the breach, Microsoft informed that the said access was possible between January 1st to March 28, 2019. Therefore, it is most likely that the attackers were able to see your account information for the past three months. The company also explains how this breach took place and how they knew about it. Well, it must be noted that there was no bug or exploit found on Outlook.com.

Microsoft letter to Outlook.com users on breach
Here is the letter Microsoft sent to Outlook users earlier this week

Rather, this was just a case of stolen account credentials of one of Outlook’s support agent. You would know that a support agent has access to most of the accounts on that platform. Therefore, the attacker was able to get information about Outlook accounts from that support agent’s credentials.

However, it is surprising that Microsoft was not able to know about this much earlier.

In a letter to Outlook.com users, Microsoft says that

Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.

The account-related information, according to Microsoft, includes email addresses, folder names and subject lines of emails. But it is not possible that the attacker would have gained access to or opened the emails, claims Microsoft.

Also, the company reassures that the attacker has not stolen any login details or personal information from the compromised accounts. Though, the company recommends its users to change their credentials at the earliest just to be safe.

Microsoft claims that breached account’s credentials were blocked so that access to the account was no longer possible. Microsoft has not revealed exactly how many accounts might have been possibly accessed without permission.

Comments

  2. Vinay Nagaraju says

    Wow! That took some time for them to discover. I wonder how it ranked against the GDPR requirement of having to report it on time

    Reply

Comment Policy:

The comments section is aimed to help our readers in case of any questions or you can even appreciate us for our hard work. Every comment is strictly moderated before approving it.

Your name and comment will be visible to the public. Never share your personal information in the comments section.

Leave a Reply

Your email address will not be published. Required fields are marked *

Geek Dashboard, a technology blog strives to produce high-quality tech for our readers. Here you will find the latest updates on trending tech news, unbiased product reviews, and how-to guides on various gadgets.

Got a Tip? Write In

© 2012 - 2020 · Geek Dashboard, product of ikva eSolutions

Blog Advertise About Jobs Contact Privacy Policy Write For Us T&C Office Setup