Hackers exploited a Microsoft customer support portal that allowed them to access customers' e-mail accounts on Hotmail, MSN, and Outlook.
Microsoft confirmed the breach in an e-mail to TechCrunch, saying that hackers targeted a limited number of e-mail accounts.
Microsoft Customer Support Hacked
were able to access the affected e-mail addresses, the names of the folders, the subject lines of e-mails, and other e-mail addresses users communicate with.
Microsoft assured that the hackers have not accessed the e-mail contents, attachments, and passwords. However, it recommends that affected users should change their passwords. The tech company also said that they already made solutions to this issue.
"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said
a Microsoft spokesperson in the e-mail.
The breach happened between Jan. 1 and March 28, where the hackers got inside the system compromising the credentials of a customer support agent. Microsoft did not say how the agent's credentials were compromised, or if the agent was its employee or working for a third party that provides support services. Microsoft did not explain either how it discovered the breach on its system.
Microsoft Addresses Data Breach
The tech firm said that once it identified the compromised credentials, it immediately disabled them. It did not say what data had been viewed by the hackers or why they accessed these e-mails. Microsoft advised its customers to expect phishing or spam e-mails as a result of the data breach
Microsoft said that users should be careful when they receive e-mails that ask for their personal information or payment or unsolicited requests from an untrusted source. Users should also be careful in receiving e-mails from misleading domain names.
According to Motherboard, Microsoft has the ability to scan or read e-mail messages. In 2014, for example, it tried to identify
a Windows 8 leaker by looking into the e-mail account of a French blogger.
Motherboard's source claimed that this kind of access had been used to break into iCLoud-locked iPhones. Hackers need to compromise a target's e-mail or iCloud account to remove Activation Lock from their iPhone
Microsoft also said that it regrets any inconvenience caused by this issue. It assured its users that the company takes data protection very seriously, and it is currently investigating the issue.