Microsoft email accounts compromised in breach

By Dylan Bushell-Embling
Wednesday, 17 April, 2019

Microsoft email accounts compromised in breach

Microsoft has admitted that hackers had gained access to the email accounts of some Hotmail, MSN and Outlook email users for at least a three-month period by abusing a customer support portal.

The company may also have been caught out initially underselling the severity of the breach.

Microsoft first confirmed to TechCrunch on Saturday that a "limited" number of free Microsoft web-based email accounts had been compromised by malicious hackers, stating that the attackers were potentially able to access the affected users' email address, folder names, the subject lines of emails and other data, but not the contents of emails or attachments.

But after Vice's Motherboard published a report detailing the breach using details provided by "a source who witnessed the attack in action", the company confirmed that hackers had gained access to the content of some customers' emails as well. The company told Motherboard that email content had been affected for around 6% of the affected customers.

According to the source, the attack involved using a compromised highly privileged customer support account to bypass the account login stage and access the content of email accounts. While the source claims that the breach took place over a six-month period, a notification sent to affected customers states that the accounts were exposed between January 1 and March 28 this year.

The notification states that no account login details were impacted, but still recommends that impacted customers change their passwords as a precaution.

Proofpoint Cyber Security Executive Vice President Ryan Kalember said privileged customer service accounts are an enticing target for cybercriminals.

"Because of the level of access that can be granted from a single compromised account, cybercriminals often target employees that are located deep within an organisation and are not necessarily known or actively tracked by the security team rather than target a company's infrastructure," he said.

"Customer service accounts are squarely in their crosshairs, both because of the level of access these credentials have and because these users often have to interact with untrusted links and attachments as part of their normal job functions. Clever attackers have also targeted shared [customer service] accounts, as these shared mailboxes reach many users and are difficult to protect with multi-factor authentication."

No paid enterprise email accounts were affected in the breach, according to Microsoft. The company said that in response to the breach it has disabled the compromised customer service credentials and has engaged its internal privacy and security teams to investigate the attack.

Image credit: ©

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

Study: Employee personal devices pose risk to corporate data

A Trend Micro survey has highlighted the risks posed by smart home devices to the corporate...

Aussie hackers targeting Facebook, Wi-Fi, says NordVPN

Research from NordVPN found that 43% of Australians looking to break into something were...

ACSC receives one cybercrime report every 10 min

The Australian Cyber Security Centre's inaugural Annual Threat Report for 2020 found that...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd