Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Microsoft admits hackers had access to some Outlook.com account details

It's specifically Outlook.com accounts that have been affected.

Microsoft says that for the first three months of 2019, some details of certain email accounts were accessible to hackers, but has not not revealed how many users were affected.

Microsoft has confirmed that a number of Outlook.com email accounts were accessible by hackers for the three months from January 1 to March 28, 2019. While the company will not reveal how many accounts were hacked this way, it says that the access was done via a support agent's login credentials which were compromised.

Microsoft also says that no message data was read. The details exposed include the account holder's email address, the subject headings of any messages, "and the names of other email addresses you communicate with," continued Microsoft.

"This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account," said Microsoft in an email sent to users," but not the content of any emails or attachments."

The company does not reveal how the breach was detected, but says that it was then stopped quickly. "Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access," it says. "Our data indicates that account-related information (but not the content of any emails) could have been viewed, but Microsoft has no indication of why that information was viewed or how it may have been used."

Microsoft suggests that one result could an increase in phishing or other spam emails being sent to you. "It is important to note that your email login credentials were not directly impacted by this incident," continues the company. "However, out of caution, you should reset your password for your account."

Outlook.com is the web version of Microsoft's email service and was previously known as Hotmail. This hack does not appear to have affected any corporate users of Outlook's non-web service.



4 Comments

ArianneFeldry 5 Years · 61 comments

Why the hell does a support agent have access to anything other than the email address of the user in need of support without consent?

seanismorris 8 Years · 1624 comments

Why the hell does a support agent have access to anything other than the email address of the user in need of support without consent?

Maybe to troubleshoot message routing issues...

MacPro 18 Years · 19845 comments

The whole Outlook thing is such a tangled and bloated mess I can well imagine its full of holes.