Outlook Breach More Expansive than Previously Thought

A few days ago, it was reported that there was a breach in Microsoft Outlook that may have already affected several users between January 1^st to March 28^th this year which allowed hackers to view email addresses, folders and subject lines but not contents. However, the breach was more expansive than previously thought and now includes Hotmail as well as MSN accounts.

“Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access… Our data indicates that account-related information (but not the content of any emails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.”

–Microsoft

Affected Outlook users were already warned by Microsoft through email to change their passwords and not to worry as hackers weren’t able to access the full emails and attachments. Unfortunately, that is not the case. Microsoft later confirmed that not only are email attachments and contents have been exposed, but the breach went beyond Outlook.com and also affected Hotmail and MSN users.

Most of those affected so far were non-corporate users and that no passwords were stolen but Microsoft still recommends that users change their passwords immediately and not to open any suspicious emails as they and their correspondents may be subject to phishing attacks.

The attacks began when the credentials of a Microsoft Support Agent were compromised. This enabled the hackers to get an inside view of Outlook users the agent has supported between January and March and even before. For reasons, Microsoft has yet to reveal the actual number of users that have been affected. Someone has yet to claim responsibility for the hack and at this point it could be anyone. But Microsoft said that the circumstances that led to the problem has already been addressed.