Microsoft has now revealed that its Outlook.com security breach may have been worse than the company initially stated. On Friday night, Microsoft revealed to some users that a hacker was able to access accounts between January 1st and March 28th, 2019.
Accessing a customer support account
Microsoft claimed that hackers could only have viewed account email addresses, folder names, and subject lines of emails. However, Vice’s Motherboard reported on Sunday that Microsoft sent a notification message to about six percent of the affected Outlook.com accounts stating email content may have also been read.
Making matters worse was the fact that the company only admitted this after it was presented with screenshot evidence. Microsoft found out that the hack was done by accessing a customer support account.
Microsoft alerted its users of the breach over the weekend with the following statement published by The Verge: “Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used."
The company went on to say that login details or other personal information were not compromised but advised users to change their passwords as an extra security measure.
“Microsoft regrets any inconvenience caused by this issue,” said the security notification. “Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”