Microsoft Security

Microsoft Says Some Webmail Accounts Were Compromised (techcrunch.com)

A "limited" number of users of Microsoft's webmail services -- which include Hotmail, Outlook.com, and MSN -- had their accounts compromised, TechCrunch reports. "We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said a Microsoft spokesperson in an email. According to an email Microsoft has sent out to affected users, malicious hackers were potentially able to access an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with -- "but not the content of any e-mails or attachments," nor -- it seems -- login credentials like passwords. Microsoft is still recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft's letter to users said. The hackers got into the system by compromising a customer support agent's credentials, according to the letter. Once identified, those credentials were disabled. Microsoft told users that it didn't know what data was viewed by the hackers or why, but cautioned that users might see more phishing or spam emails as a result.

  • Why do these random low-rent people get to look through email addresses, contacts, subjects, and organizational folder hierarchies?

    • by Anonymous Coward

      If Google had support then it would be no different with them. Google side-skirts the issue by not offering any support whatsoever.

  • 5 is a limited number. So is 100 million. How many, Microsoft?
  • by WoodstockJeff ( 568111 ) on Sunday April 14, 2019 @11:37AM (#58435990) Homepage

    ... there are likely to be thousands of O365 accounts affected. It is rare that I don't see a half-dozen different organizations represented in "please look at this invoice" or "please review your payment" emails sent to our system accounts, each personalized for the company whose O365 accounts have been hijacked.

    If one of our corporate clients had not switched over to O365 for their email services last year, I'd block anything coming from an outlook.com server, because it is rare that it is NOT a phishing email.

  • Everybody who didn't pay for a Microsoft email account had the entire contents of their mailbox at risk for the past 6 months...

    "...the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access

  • ... got into the system by compromising a customer support agent's credentials, according to the letter.

    Emphasis mine. So that bloke and everyone else with his access level can read your address book, subject lines, and folder names... by design? WTF, Microsoft?
