Microsoft has revealed that for several months, a hacker was able to access Outlook.com accounts. According to a report by The Verge, Microsoft discovered that the credentials of a support agent were compromised for a period of three months– from January 1 to March 28, 2019.
The report mentions that the hacker had access to the email address, folder names, and email subjects of the Outlook users. Microsoft says that the hacker could not access the actual emails or the attached files or the passwords.
As per the report, the hacker wasn’t able to steal login details or other personal information, but Microsoft is recommending that affected users reset their passwords as a cautionary measure.
“Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” says Microsoft in an email to affected users, reported The Verge.
The report says that Microsoft has disabled the credentials used in the hack. It has emailed users whose account information was affected by the breach. It has advised the users to look out for phishing emails and scams that ask for any sort of payment or account detail.
At the moment, it is sending an email to all the affected accounts explaining the whole matter saying that it has engaged its “internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence”.
As of now, it is unclear how the hacker was able to access the support agent’s account. The report mentions that Microsoft has not revealed the actual number of people affected by the breach.