Share this article

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft’s Outlook.com has been compromised for months, email addresses and subject lines, and more were left exposed

4 min. read

Published onApril 14, 2019

published onApril 14, 2019

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

If you or someone you contact via e-mail uses Microsoft’s webmail services, such as Outlook.com, then it is possible that you have been involved in a data breach.

Microsoft confirmed toTechCrunchthis week that the firm’s webmail services have been a victim of a data breach. Data on customers was left exposed through a support agent’s credentials which were compromised, which cybercriminals used to access the data.

Of the data affected, Microsoft noted that the following information was left exposed:

Microsoft noted that it doesn’t know which data has been viewed, or the reasons why, but that users may experience increasing phishing or spam emails as a result of the breach, therefore, it advises users to be more vigilant when checking their emails.

The breach took place over a long period of time, from 1st January 2019 to 28th March 2019. It isn’t clear how many people have been affected, but it says it was a “limited” number of people. The company did confirm that enterprise users have not been affected.

Microsoft has disabled the compromised account of the support agent to prevent more data being accessed.

In an email letter sent out to affected users, Microsoft said:

Dear Customer

Microsoft is committed to providing our customers with transparency. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.

We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments, between January 1st2019 and March 28th2019.

Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source (you can read more about phishing attacks at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing).

It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.

If you require further assistance, or have any additional questions or concerns, please feel free to reach out to our Incident Response Team at[email protected]. If you are a citizen of European Union, you may also contact Microsoft’s Data Protection Officer at:

EU Data Protection OfficerMicrosoft Ireland Operations LtdOne Microsoft Place,South County Business Park,Leopardstown, Dublin 18, Ireland[email protected]

Microsoft regrets any inconvenience caused by this issue. Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.

It is advised to check both your inbox and spam email folders for an email from Microsoft. Some reports suggest Microsoft’s email, ironically, is ending up in spam folders for some users.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Microsoft’s Outlook.com has been compromised for months, email addresses and subject lines, and more were left exposed#