Software giant Microsoft has revealed that hackers, at the beginning of the year, managed to access customers’ web-based email accounts for three months. The company added that unknown hackers hit the accounts of various Microsoft email services between January 1 and March 28.
Microsoft has started sending notifications to those who have been impacted by the problem, recommending users change their account passwords. The company says that a “limited subset” of consumer account where affected, and the hackers have now been halted.
Although the attack affected @msn.com, @hotmail.com and @outlook.com email addresses, Microsoft has said that the hackers were not able to access email addresses, folder names and email subject lines, and the content of emails.
Microsoft said it’s committed to providing its customers with transparency. “As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account,” it said.
The company added it had identified that a Microsoft support agent’s credentials were compromised, allowing individuals outside Microsoft to access information within your Microsoft email account. This unlawful access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.
It’s noteworthy that your email login credentials were not directly affected by this event. Nevertheless, as a preventive measure, you should reset your password for your account.
Microsoft is still not clear the incident affected how many accounts, nor has it indicated as to who may have been responsible. As well as the email sent to customers, the company’s only further comment is a statement in which it says: ” We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access”.