This allows unknown third parties to log in and gain access to data contained in an unspecified number of users’ Hotmail and Outlook email accounts. The exposure occurred between January 1 and March 28 of this year (2019).
When news of the breach first emerged, the company issued a statement that read, in part, as follows:
“We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails, and the names of other email addresses you communicate with), but not the content of any emails or attachments…it is important to note that your login credentials were not directly impacted by this incident.”
In our view, the last line is the most important in the formal statement. The hackers were able to glean some information from an unknown number of accounts, but they did so by proxy through the lens of a compromised support account, and not by stealing actual login credentials of users.
Since the company’s announcement, there have been conflicting reports that suggest the breach may have been more serious than Microsoft is currently claiming. As such, our recommendation is that if you have a Hotmail or an Outlook.com account, the best course of action would be to exercise an abundance of caution and change your password right away. It’s far better to be safe than sorry.
Also be aware that since hackers may have gleaned your email address as a result of their snooping, you are somewhat more likely to be on the receiving end of phishing emails in the weeks and months ahead. Be on your guard against that.