Skip to main content
  1. Home
  2. Computing
  3. Business
  4. News

Hackers broke into Outlook.com using worker’s credentials, Microsoft says

By
Add as a preferred source on Google

Hackers compromised Microsoft’s web-based email services, including Outlook.com accounts and MSN and Hotmail addresses, for months by using a customer support agent’s credentials.

In an email sent to affected users, Microsoft said that the hackers were possibly able to access email addresses, subject lines of emails, folder labels, and the names of other email addresses that the user contacted. Fortunately, the content of emails, including attachments, were not compromised, nor were login credentials such as passwords.

Recommended Videos

The hackers were able to carry out the security breach, which happened from January 1 to March 28, by compromising the credentials of a customer support agent. Microsoft has identified the credentials that the hackers used and disabled them.

Microsoft warned that affected users may receive more spam emails, and may be on the receiving end of phishing attempts. Affected users should stay vigilant against such attacks, and are still advised to change their passwords even if the contents of their emails were not compromised because hackers may be able to use the addresses for identity theft purposes.

It is unclear how many users were hit by the data breach, and who the hackers behind the attack are. It appears that at least some of the affected accounts are from the European Union, as Microsoft is offering the contact information for the EU’s data protection officer.

“Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence,” Microsoft said in the letter.

The attack on Microsoft webmail services follows a much bigger data breach that was discovered in January. Troy Hunt, the security researcher behind Have I Been Pwned, found what is now known as Collection No. 1. The assemblage of data contained more than 773 million records, including more than 21 million unique passwords, across 12 separate folders, with a total size of 87GB.

It might not be as bad as Collection No. 1, but people with Microsoft web-based email accounts should still follow the recommendation and change their password, just to be safe.

Aaron Mamiit
Aaron Mamiit
Former Contributor
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Topics
AI browsers like Perplexity Comet can be tricked into spilling your password through BioShocking exploit
Six AI browsers were found leaking saved passwords and many of them haven't fixed it yet.
MacBook Air in hand, Comet browser loaded—let’s see what Perplexity’s AI can really do

Security researchers just found a strange way to trick AI browsers into handing over your passwords. They managed to trick AI browser agents into exposing sensitive data like saved passwords, session cookies, and private tokens by disguising the theft as part of a harmless "game."

The technique is called BioShocking, named after the popular video game BioShock, where a brainwashed character is manipulated into believing a false reality. Once an AI browser falls for the same trick, it stops following its own safety rules entirely.

Read more
Google Play’s latest speed boost goes way beyond the phone
Play Store v52.1 targets app install performance across Android devices, including cars, TVs, watches, tablets, and phones.
Google Play Store Photo

Google is rolling out Play Store v52.1 with changes built around a practical Android problem, getting apps installed more smoothly on very different kinds of hardware.

The update focuses on Play Store infrastructure, with Google pointing to stability, performance, and better memory use while a device adds an app. That install path now has to work on phones, tablets, Wear OS watches, Google TV, Android TV, Android Auto, and cars running Android Automotive.

Read more
Peacock Premium Plus joins YouTube as the streaming bundle battle gets messier
The $16.99 subscription brings Peacock’s sports-heavy catalog into YouTube, with account details still unclear.
Adult, Female, Person

Peacock Premium Plus is now available through YouTube Primetime Channels, giving viewers a new way to add a major streaming service inside YouTube.

The $16.99-per-month subscription brings Peacock’s live sports, NBC and Bravo shows, originals, Universal movies, Telemundo programming, and Spanish-language FIFA World Cup 2026 coverage into YouTube’s channel marketplace.

Read more