Microsoft just revealed that its systems were breached sometime in 2019, and that hackers were able to access some email information. post officeof the company's users.
In a message email sent to all involved users (posted by TechCrunch), Microsoft explains that someone managed to breach an account of a Microsoft support employee.
This allowed non-Microsoft employees to access information stored in Microsoft e-mail accounts (@ outlook.com, @ hotmail.com, @ msn.com) and, according to the company, businesses were not affected.
The information the hackers allegedly have includes email addresses, folder names, subject lines messages ηλεκτρονικού ταχυδρομείου, ονόματα άλλων διευθύνσεων ηλεκτρονικού ταχυδρομείου με τα οποία επικοινωνούν οι χρήστες. Σύμφωνα με την εταιρεία δεν εκτέθηκαν τα περιεχόμενα των emails, or attached files.
The unauthorized access allegedly took place from January 1, 2019 until March 28, 2019, Microsoft reports, but did not provide further details on how the hackers managed to breach the account of the support employee.
The company states that it immediately deactivated the breached account as soon as it detected the breach.
"Once aware of this issue, Microsoft immediately deactivated the affected account, prohibiting its use for any further unauthorized access. "Our data suggests that account information (but not the content of any e-mail) could have been leaked, but there is no indication that this information has been made public or how it may have been used." e-mail sent to affected users.
Microsoft now warns of increasing numbers of phishing emails that could be sent to users and recommends that everyone change their passwords. However, it is important to know that the passwords were not leaked (always according to the company).
It is not yet known how many users are affected by the hack.
You can read the full warning message and for more information and assistance, you can contact the company's incident management team at ipg-ir@microsoft.com.
Read the email
Microsoft Warning Email
Dear Customer
Microsoft is committed to providing our customers with transparency. As Part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.
We have identified that a Microsoft support agent's credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st 2019 and March 28th 2019.
Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source (you can read more about phishing attacks at https: // docs. microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing).
It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.
If you require further assistance, or have any additional questions or concerns, please feel free to reach out to our Incident Response team at ipg-ir@microsoft.com. If you are a citizen of European Union, you may also contact Microsoft's Data Protection Officer at:
EU Data Protection Officer
Microsoft Ireland Operations Ltd
One Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Ireland
dpoffice@microsoft.com
Microsoft regrets any inconvenience caused by this issue. Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.
Join the 2.100 registrants.