Microsoft Outlook users had their accounts hacked for months under security breach
Microsoft’s Outlook.com webmail service had been compromised since January 1.
The security breach went undiscovered until March 28. Microsoft revealed this breach to its users on April 12, in the form of a notification being sent out. The notification informed the affected subset of users that the hackers could only see the account email addresses, folder names, and subject lines of emails.
Microsoft later revealed to The Verge that the breach was worse, for some, than they previously admitted. While it was true that the hackers were only able to view subject lines, folder names and email addresses of a subset of webmail service users. 6 percent of this subset, received a different notification, which stated that the hackers were also able to view the contents of their emails. Microsoft was not revealing the actual number of affected users.
Vice’s Motherboard falsely claimed in an article that the breach had happened almost 6 months ago and also that the hackers were able to use the stolen information to access users’ iCloud accounts and deactivate security locks on iPhones. This false claim was debunked by the Microsoft spokesperson, in a statement to The Verge. The spokesperson clarified that “the claim of 6 months is inaccurate,” and reiterated that the security breach lasted from January 1 until March 28.
Microsoft clarified that the hackers were only able to view email addresses, subject lines and folder names of the vast majority of affected accounts. “A small group (~6 percent of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support.” The spokesperson further clarified to The Verge.
Microsoft revealed how the hackers were able to breach the security protocols. Microsoft collaborates with support agents for their webmail service. Upon investigation, Microsoft discovered that the security credentials of one of its support agents were compromised. This security lapse allowed hackers a backdoor into the webmail service’s security protocols.
Due to the fact that the breach went unnoticed for months, the webmail service’s users are in a state of alarm. Most large businesses rely on email security for their business. More businesses are shifting internal communications to applications like Teamviewer, which allow for more secure internal communications.
No harm in being extra cautious!
Rosie Harman is a Senior Content Strategist at Visi One Click, specializing in Technology. She holds a Master's in Business Administration from The University of Texas at Arlington and has spent the majority of her career working in tech giants in Texas.
When she's not helping the content team, Rosie enjoys adventuring with her two children around her home town.
Discussion about this post