Update: Microsoft has now confirmed that MSN and Hotmail email accounts were also breached.
Microsoft has revealed this morning that a hacker was able to access Outlook.com accounts for several months. As detailed by The Verge, Microsoft discovered that a support agent’s credentials for Outlook.com were compromised for a 3-month window.
Ecobee HomeKit Thermostat
Microsoft says that a hacker had access to the support agent’s account from January 1st through March 28th, 2019. The hackers could view email addresses, folder names, and email subjects, but not actual emails themselves or attached files. The credentials used in the hack have since been disabled.
Microsoft has emailed users whose account information was affected by this breach. While no account passwords were accessible by the hackers, Microsoft is still advising affected users to change their password. The company also advises users be on the lookout for phishing scams and emails that ask for any sort of payment.
“Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source.
It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.”
Details of the breach are still unclear, including how many users were affected. It’s also unknown how the hacker(s) were able to gain access through the support agent’s account in the first place.
If you were affected by this Outlook.com breach, you should receive an email from Microsoft. Nonetheless, it might be wise for all Outlook.com users to change their password either way. You can read instructions on how to do so via Microsoft’s support website.