Hackers ‘were able to breach user emails in Microsoft platforms’

Hackers ‘were able to breach user emails in Microsoft platforms Outlook, MSN, and Hotmail for a period of six months’

  • Microsoft sent an email to users of email platforms Outlook, MSN, and Hotmail 
  • Company acknowledged that hackers were able to see contents of user emails 
  • Breach initially targeted the credentials of a Microsoft support agent
  • That breach enabled hackers to obtain information about emails of consumers 

Microsoft says hackers were able to get access to emails sent by users of Outlook, MSN, and Hotmail.

The software giant first acknowledged on Saturday that a breach affected a customer support account, which was then used to gain access to information about private users’ email accounts.

The hackers were able to see information such as subject lines of emails and whom users communicated with, according to Motherboard.

But the hack was worse than originally thought. Instead of limited information related to the emails, hackers were able to see the contents of emails from a large number of users across several Microsoft-owned platforms.

The hack initially targeted the credentials of a Microsoft support agent.

This allowed the hackers to gain access to non-corporate level email accounts, which belong to regular consumers who use Microsoft platforms for personal communications.

Microsoft acknowledged on Saturday that a breach affected a customer support account, which was then used to gain access to information about private users’ email accounts across numerous platforms, including Outlook (seen above)

The company sent an email to users acknowledging the existence of the breach

In an email sent to Microsoft email customers, the company wrote: ‘We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account.

‘This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails, and the names of other email addresses you communicated with), but not the content of any emails or attachments, between January 1, 2019 and March 28, 2019.’

Microsoft said that it ‘immediately disabled’ the compromised credentials. It also encouraged email users to reset their passwords and beware of phishing or other spam emails.

A copy of the email was posted to Reddit.

Despite Microsoft’s claims, Motherboard reported that hackers were able to gain access to email contents.

The website says it has screenshots sent by a source that provides insights into what hackers were able to see.

These screenshots show redacted pages that include options for the hackers to gain access to ‘Email Body.’

Microsoft said that it ‘immediately disabled’ the compromised credentials. It also encouraged email users to reset their passwords and beware of phishing or other spam emails. The image above shows the logo of Hotmail

Microsoft told Motherboard that those whose full email contents were vulnerable to hacking were notified, though the company did not specify how many customers were affected.

‘We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,’ a Microsoft spokesperson told Motherboard in a statement. 

In January, the largest ever collection of breached data ever was discovered, exposing more than one billion unique combinations of email addresses and passwords. 

A security researcher found the 87GB dump of data hidden on a hacker forum and said many of them have been previously included in other leaks such as the infamous MySpace and LinkedIn breaches. 

Troy Hunt, who runs the ‘Have I Been Pwned’ breach-notification service, found the leak on cloud-service MEGA and called it ‘Collection #1’. 

Source: Read Full Article