Skip to main content

Hackers broke into Outlook.com using worker’s credentials, Microsoft says

Hackers compromised Microsoft’s web-based email services, including Outlook.com accounts and MSN and Hotmail addresses, for months by using a customer support agent’s credentials.

In an email sent to affected users, Microsoft said that the hackers were possibly able to access email addresses, subject lines of emails, folder labels, and the names of other email addresses that the user contacted. Fortunately, the content of emails, including attachments, were not compromised, nor were login credentials such as passwords.

The hackers were able to carry out the security breach, which happened from January 1 to March 28, by compromising the credentials of a customer support agent. Microsoft has identified the credentials that the hackers used and disabled them.

Microsoft warned that affected users may receive more spam emails, and may be on the receiving end of phishing attempts. Affected users should stay vigilant against such attacks, and are still advised to change their passwords even if the contents of their emails were not compromised because hackers may be able to use the addresses for identity theft purposes.

It is unclear how many users were hit by the data breach, and who the hackers behind the attack are. It appears that at least some of the affected accounts are from the European Union, as Microsoft is offering the contact information for the EU’s data protection officer.

“Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence,” Microsoft said in the letter.

The attack on Microsoft webmail services follows a much bigger data breach that was discovered in January. Troy Hunt, the security researcher behind Have I Been Pwned, found what is now known as Collection No. 1. The assemblage of data contained more than 773 million records, including more than 21 million unique passwords, across 12 separate folders, with a total size of 87GB.

It might not be as bad as Collection No. 1, but people with Microsoft web-based email accounts should still follow the recommendation and change their password, just to be safe.

Aaron Mamiit
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
Beware: Hackers are using a clever Microsoft Edge malvertising scam
The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.

If you're still using Microsoft Edge, you need to beware -- a new malvertising campaign has just been discovered, and if you fall victim to it, your PC might be at risk.

According to Malwarebytes, the attackers are abusing Microsoft Edge's News Feed feature to target their victims. Here's what we know about this clever new scam.

Read more
You’ll never guess what hackers are using Microsoft Calculator for
A depiction of a hacker breaking into a system via the use of code.

Hackers have found an unusual and unconventional method to infect PCs with malware: distributing dangerous code with Windows Calculator.

The individuals behind the well-known QBot malware have managed to find a way to use the program to side-load malicious code on infected systems.

Read more
What is Gemini Advanced? Here’s how to use Google’s premium AI
Google Gemini on smartphone.

Google's Gemini is already revolutionizing the way we interact with AI, but there is so much more it can do with a $20/month subscription. In this comprehensive guide, we'll walk you through everything you need to know about Gemini Advanced, from what sets it apart from other AI subscriptions to the simple steps for signing up and getting started.

You'll learn how to craft effective prompts that yield impressive results and stunning images with Gemini's built-in generative capabilities. Whether you're a seasoned AI enthusiast or a curious beginner, this post will equip you with the knowledge and techniques to harness the power of Gemini Advanced and take your AI-generated content to the next level.
What is Google Gemini Advanced?

Read more