Microsoft: Hackers compromised support agent’s credentials to access customer email accounts

On the heels of a trove of 773 million emails, and tens of millions of passwords, from a variety of domains getting leaked in January, Microsoft has faced another breach affecting its web-based email services.

Microsoft has confirmed to TechCrunch that a certain “limited” number of people who use web email services managed by Microsoft — which cover services like @msn.com and @hotmail.com — had their accounts compromised.

According to an email Microsoft has sent out to affected users (the reader who tipped us off got his late Friday evening), malicious hackers were potentially able to access an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with — “but not the content of any e-mails or attachments,” nor — it seems — login credentials like passwords.

Microsoft is still recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft’s letter to users said.

The hackers got into the system by compromising a customer support agent’s credentials, according to the letter. Once identified, those credentials were disabled. Microsoft told users that it didn’t know what data was viewed by the hackers or why, but cautioned that users might as a result see more phishing or spam emails as a result. “You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source.”

We are printing the full text of the email below, but a separate email sent to us, from Microsoft’s Information Protection and Governance team, confirmed some of the basic details, adding that it has increased detection and monitoring on those accounts affected.

Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals. We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.

Right now, a lot of question marks remain. It’s unclear exactly how people people or accounts were affected, nor in which territories they are located — but it seems that at least some were in …read more