Microsoft has admitted that its Outlook.com security breach was worse than the company initially revealed. The software maker started notifying some Outlook.com users late on Friday night that a hacker was able to access accounts for months earlier this year. Microsoft’s notification revealed that hackers could have viewed account email addresses, folder names, and subject lines of emails, but in a separate notification to other affected users the company also admitted email contents could have been viewed.
Vice’s Motherboard revealed on Sunday that Microsoft sent a different notification message to around six percent of the affected Outlook.com accounts, and that the company only admitted this when it was presented with screenshot evidence that the breach was far worse for those customers. Microsoft discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019.
Motherboard claims hackers have been able to access some accounts for up to six months, and have used the access to reset iCloud accounts linked to stolen iPhones. A Microsoft spokesperson tells The Verge “the claim of 6 months is inaccurate,” and pointed towards the company’s notification that mentioned access between January 1st and March 28th, 2019. Microsoft also clarified that the vast majority of Outlook.com accounts that were affected received the notification that The Verge published over the weekend.“Our notification to the majority of those impacted …
Full article – theverge.com