Microsoft has admitted that its breach of Outlook.com's security was worse than the company initially revealed. The software maker began notifying some Outlook.com users on Friday night that a hacker was able to access the accounts during the months of this year. Microsoft's notification revealed that the hackers could have seen the email addresses of the accounts, the names of the folders and the subject lines of the emails, but in another notification to other affected users, the company also admitted that The contents of the emails could have been viewed.
Vice's motherboard revealed on Sunday that Microsoft sent a different notification message to about six percent of the affected Outlook.com accounts, and that the company only admitted this when it was presented with a capture test. screen that the violation was much worse for those customers. Microsoft discovered that the credentials of a support agent were compromised by its webmail service, allowing unauthorized access to some accounts between January 1 and March 28, 2019.
able to access some accounts for up to six months, and has used access to reset iCloud accounts linked to stolen iPhones. A Microsoft spokesperson tells him The Verge "the 6-month claim is inaccurate" and noted the company's notification that he mentioned access between January 1 and March 28, 2019. Microsoft also clarified than the vast majority of Outlook. The accounts that were affected received the notification that The Verge published during the weekend.
"Our notification to the majority of those affected noted that the bad actors would not have had unauthorized access to the content of e-mails or attachments," says a Microsoft spokesman in a statement to The Verge ] "A small group (about 6 percent of the original subset of consumers, already limited) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and they were given additional guidance and support" .
Microsoft still refuses to disclose how many accounts were affected.