Hotmail, MSN and Outlook emails exposed to hackers for months, Microsoft reveals

Criminals bypassed the tech giant's cyber security measures by abusing a customer support portal

Anthony Cuthbertson
Monday 15 April 2019 10:26 EDT
Microsoft initially denied that hackers were able to read emails from Outlook accounts (Getty Images)

Hackers had access to Hotmail, MSN and Outlook emails from a large number of accounts for two months, Microsoft has revealed.

The technology giant confirmed that email accounts of non-corporate users were breached, with the contents of around 6 per cent of emails exposed by cyber criminals exploiting a customer support portal.

According to an email sent to the majority of affected users and then posted online, the firm said a Microsoft support agent's credentials were compromised, potentially allowing unauthorised access to some account information.

For most, this included a person's email address, folder names, subject lines of emails and the names of other email addresses users communicated with between 1 January and 28 March 2019, but not the content of emails or attachments.

However, when approached for comment on the incident, Microsoft confirmed that a small group of users had also been notified that bad actors could have gained unauthorised access to the wider contents of their emails.

The company said it was providing additional guidance and support to those users.

"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," a Microsoft spokesman said of the incident.

Microsoft operates email services including Outlook, MSN and Hotmail.

The company has not confirmed the number of accounts, in total, affected by the breach.

The firm warned in its email that users might receive more spam and phishing emails as a result of the incident, and urged users not to click on links from email addresses they did not recognise.

The company added that although password information had not been affected, it encouraged users to change their log-in details "out of caution".

Microsoft said it had also increased detection and monitoring for the affected accounts.

The incident follows the discovery in January of more than 770 million email addresses from a variety of services in an online database allegedly used by hackers.

The tech giant said Hotmail, MSN and Outlook users affected by the issue have been notified via email.

Additional reporting by agencies
