Microsoft began notifying some Outlook.com users that a hacker was able to access the accounts for months earlier this year. The software giant discovered that the credentials of a support agent were compromised by its webmail service, allowing unauthorized access to some accounts between January 1 and March 28, 2019. Microsoft says that hackers could have seen the email addresses of the accounts, folder names and subject lines of emails, but not the content of the emails or attachments.
It is unclear how many users were affected by the violation or who participated in obtaining access to Outlook.com email accounts. "Our data indicates that the information related to the account (but not the content of the emails) could have been seen, but Microsoft has no indication as to why that information was seen or how it could have been used," says Microsoft. in an email to
Hackers could not steal login details or other personal information, but Microsoft recommends that affected users reset their passwords. "Microsoft regrets any inconvenience caused by this problem," says the security notification. "Rest assured that Microsoft takes data protection very seriously and has involved its internal security and privacy teams in the investigation and resolution of the problem, as well as the additional strengthening of the systems and processes to avoid such repetition" .
This security incident weeks after a former security researcher pleaded guilty to hacking Microsoft and Nintendo servers. Microsoft's Windows development servers were violated for several weeks in January 2017, allowing hackers across Europe to access preliminary versions of Windows.
Microsoft confirmed the breach in a statement to The Verge, but the company does not disclose exactly how many accounts were affected . " We addressed this scheme, which affected a limited subset of consumer accounts, by disabling compromised credentials and blocking access by perpetrators," says a Microsoft spokesman.
Update, April 13, 12:05 p.m. ET : Article updated with Microsoft statement.