The users of Microsoft’s email services, including MSN and Hotmail, may have had their accounts compromised in a cyber attack that lasted from 1st January till 28th March.
The attackers compromised the credentials of a Microsoft’s customer support agent, and then gained access to the data on accounts of consumers. As per an email sent by Microsoft to the affected users, the attackers could access the email address, folder names, subjects of emails, and the other email address with which the affected users interacted. They couldn’t access the content of emails and attachments and login credentials.
Microsoft confirmed the attack to TechCrunch, and said that “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”
No enterprise accounts were compromised because of the attack. The company suggested users to update their passwords, even though the account of compromised customer support agent has been disabled.
Microsoft further warned users to be careful when they receive emails from misleading domain names, the emails that ask for personal information or payment, or any emails from untrusted sources.
Also read: Microsoft develops SECCON framework to strengthen security of Windows 10 devices
Following is the email sent by Microsoft (and reported by TechCrunch):
“Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals. We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.”