Skip to main content

Hackers broke into Outlook.com using worker’s credentials, Microsoft says

Hackers compromised Microsoft’s web-based email services, including Outlook.com accounts and MSN and Hotmail addresses, for months by using a customer support agent’s credentials.

In an email sent to affected users, Microsoft said that the hackers were possibly able to access email addresses, subject lines of emails, folder labels, and the names of other email addresses that the user contacted. Fortunately, the content of emails, including attachments, were not compromised, nor were login credentials such as passwords.

Recommended Videos

The hackers were able to carry out the security breach, which happened from January 1 to March 28, by compromising the credentials of a customer support agent. Microsoft has identified the credentials that the hackers used and disabled them.

Please enable Javascript to view this content

Microsoft warned that affected users may receive more spam emails, and may be on the receiving end of phishing attempts. Affected users should stay vigilant against such attacks, and are still advised to change their passwords even if the contents of their emails were not compromised because hackers may be able to use the addresses for identity theft purposes.

It is unclear how many users were hit by the data breach, and who the hackers behind the attack are. It appears that at least some of the affected accounts are from the European Union, as Microsoft is offering the contact information for the EU’s data protection officer.

“Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence,” Microsoft said in the letter.

The attack on Microsoft webmail services follows a much bigger data breach that was discovered in January. Troy Hunt, the security researcher behind Have I Been Pwned, found what is now known as Collection No. 1. The assemblage of data contained more than 773 million records, including more than 21 million unique passwords, across 12 separate folders, with a total size of 87GB.

It might not be as bad as Collection No. 1, but people with Microsoft web-based email accounts should still follow the recommendation and change their password, just to be safe.

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Microsoft just made Outlook a lot easier to use
Outlook running on the Samsung Galaxy Z Flip 5 cover screen.

The Outlook app on the Z Flip 5 cover screen Joe Maring / Digital Trends

Microsoft’s popular email client and organizer Outlook will soon be getting an update that should allow users to send large files without encountering any errors. We first heard about the update last month, and per the Microsoft 365 road map website, Feature ID 156100 is going to enable Outlook users to upload files seamlessly, even when they come across email size restrictions.

Read more
Microsoft is finally fixing one of the worst parts of Outlook
Moto G Stylus 5G 2023 in Outlook.

Microsoft Outlook is set to get an update that will address the size limit that is currently in place when sharing files on the email service. In the future, instead of attachment limits, users will be able to upload files to OneDrive and share them through email.

The way Microsoft Outlook is set up makes it challenging for users to attach and send large files. It is easy to exceed the maximum size limit and be unable to send certain files through Outlook.

Read more
Hackers are using AI to create vicious malware, says FBI
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

The FBI has warned that hackers are running wild with generative artificial intelligence (AI) tools like ChatGPT, quickly creating malicious code and launching cybercrime sprees that would have taken far more effort in the past.

The FBI detailed its concerns on a call with journalists and explained that AI chatbots have fuelled all kinds of illicit activity, from scammers and fraudsters perfecting their techniques to terrorists consulting the tools on how to launch more damaging chemical attacks.

Read more