Connect with us

Microsoft

A lapse in Microsoft’s security allowed hackers to read your Hotmail, Outlook, and MSN emails

Another day, another breach.

microsoft logo on wall
Image: Microsoft

When you use an email service, like Microsoft’s collection of Hotmail, Outlook or MSN, you have faith that the service is doing everything it can to protect your private emails from abuse. That faith has been shaken, with Microsoft confirming to TechCrunch that some users of Microsoft’s email services had been targeted by hackers.

Instead of going for user accounts, the hackers took over a Microsoft customer support account, then pivoted to gain information about users, such as email addresses, folder names, email subject lines and the email addresses of anyone who the user has been emailing.

Microsoft says that the hackers were not able to access the content of any emails, attachments, or login details like passwords. Still, it’s worth changing your password anyway, so if you have email addresses from @outlook.com, @hotmail.com, @hotmail.co.uk or msn.com, you should go change it asap – especially if your Microsoft account is also your login to Windows.

Microsoft says that the hackers couldn’t see the content of emails

However, a source showed Motherboard that the hack used “did allow full access to email content.” The source also said that the support account compromised belonged to a high privileged user, giving them more information that most support accounts would. We’ve long known that some of Microsoft’s support agents are able to read the content of your emails, although how often the power is used is anyone’s guess.

When Motherboard showed Microsoft the screenshots showing user content, the company did acknowledge that a “small number” of customers were impacted in this way. Reading between the lines here, was only one customer support account compromised? It seems odd to me that if hackers got a superuser account that could see content, that they wouldn’t siphon up all the information they could.

The hackers were in the system from January 1 of this year, right up to March 28, giving them ample time to suck up information. Be extra wary of any suspicious emails in your inboxes, even if they seem to come from a trusted contact.

Again, go change your MSN, Hotmail and Outlook.com sign-in passwords.

What do you think? Should Microsoft provide a better explanation for this breach of privacy? What should be done now? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Microsoft