Security & Fraud

Microsoft Admits Breach Of Web-Based Email Accounts

Microsoft, the Redmond, Washington software giant, confirmed to reporters over the weekend that its web-based email services were hacked.

According to reports citing Microsoft, the company confirmed that a “limited” number of webmail users — including and — saw their accounts compromised by hackers.  In a statement to reporters, Microsoft said: “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”

In an email Microsoft sent late Friday (April 12) to users who were impacted, the company said malicious hackers may have been able to access email addresses, folder names, the subject lines of emails and the names of other email addresses that the user communicates with. Microsoft reportedly said in the email that hackers were not able to access the content of any of the emails or any of the attachments. It also appears the bad guys didn’t access login credentials including passwords. Microsoft said affected users should change their passwords. The breach happened between January 1, 2019, and March 28, 2019, according to reports.

Hackers were able to gain entry by compromising a customer support agent’s credentials, Microsoft said in the letter. Microsoft also told users it doesn’t know what data hackers viewed or why they did it and warned impacted users could see more phishing or spam emails.

You should be careful when receiving any emails from any misleading domain name, any email that requests personal information or payment, or any unsolicited request from an untrusted source,” Microsoft wrote in the letter. The report noted that none of Microsoft’s enterprise customers appeared to be impacted by the breach.

This is the latest breach to impact Microsoft this year. Earlier in the year 773 million emails — as well as tens of millions of passwords — were leaked, noted the report.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.