Microsoft, the Redmond, Washington software giant, confirmed to reporters over the weekend that its web-based email services were hacked.
According to reports citing Microsoft, the company confirmed that a “limited” number of webmail users — including @msn.com and @hotmail.com — saw their accounts compromised by hackers. In a statement to reporters, Microsoft said: “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”
In an email Microsoft sent late Friday (April 12) to users who were impacted, the company said malicious hackers may have been able to access email addresses, folder names, the subject lines of emails and the names of other email addresses that the user communicates with. Microsoft reportedly said in the email that hackers were not able to access the content of any of the emails or any of the attachments. It also appears the bad guys didn’t access login credentials including passwords. Microsoft said affected users should change their passwords. The breach happened between January 1, 2019, and March 28, 2019, according to reports.
Hackers were able to gain entry by compromising a customer support agent’s credentials, Microsoft said in the letter. Microsoft also told users it doesn't know what data hackers viewed or why they did it and warned impacted users could see more phishing or spam emails.
“You should be careful when receiving any emails from any misleading domain name, any email that requests personal information or payment, or any unsolicited request from an untrusted source,” Microsoft wrote in the letter. The report noted that none of Microsoft’s enterprise customers appeared to be impacted by the breach.