Following the publication by hackers of data belonging to countless US police officers and federal agents, another major breach has been uncovered, this time involving Microsoft's email platform. It affects @hotmail.com and @msn.com users, who may have had their email subject lines, their own email addresses, and the addresses of the people they communicate with exposed. The extent of the breach is not yet clear, but it is unlikely that login details were compromised. In any case, it is advisable to change your password just to be safe.
According to Microsoft, the breach lasted from January 1 to March 28 and was carried out using a support agent's compromised credentials. Microsoft has since disabled the credentials in question, putting an end to the attack. As a result of the exposure, you might receive spam emails from sketchy sources asking you to provide payment or other information. Treat such emails with care, as they may be fraudulent or part of a phishing attack. Microsoft has also increased monitoring of the affected accounts so that it can quickly detect any unusual activity.
Message sent to affected users by Microsoft:
Dear Customer
Microsoft is committed to providing our customers with transparency. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.
We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.
Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source (you can read more about phishing attacks at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing).
It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.
If you require further assistance, or have any additional questions or concerns, please feel free to reach out to our Incident Response Team at [email protected]. If you are a citizen of European Union, you may also contact Microsoft’s Data Protection Officer at:
EU Data Protection Officer
Microsoft Ireland Operations Ltd
One Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland
Microsoft regrets any inconvenience caused by this issue. Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.
How the attack was staged is still unclear, as are the parties involved and the number of users affected. Enterprise users do not appear to be affected by this development. Nonetheless, email breaches remain one of the most common types of hacking today.