Microsoft has confirmed that some of its e-mail services have been breached by hackers, with the contents of some user e-mails exposed by the attack.
The technology giant said a “limited” number of accounts had been affected by the breach, but confirmed around 6% of those involved may have seen the content of their e-mails become accessible to the attackers.
According to an e-mail sent to the majority of affected users and then posted online, the firm said a Microsoft support agent’s credentials were compromised, potentially allowing unauthorised access to some account information.
For most, this included a person’s e-mail address, folder names, subject lines of e-mails and the names of other e-mail addresses users communicated with between January and March this year, but not the content of e-mails or attachments.
However, when approached for comment on the incident, Microsoft confirmed that a small group of users had also been notified that bad actors could have gained unauthorised access to the wider contents of their e-mails.
The company said it was providing additional guidance and support to those users. “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesman said of the incident.
Phishing
Microsoft operates e-mail services including Outlook, MSN and Hotmail. The company has not confirmed the number of accounts, in total, affected by the breach.
The firm warned in its e-mail that users might receive more spam and phishing e-mails as a result of the incident, and urged users not to click on links from e-mail addresses they did not recognise.
The company added that although password information had not been affected, it encouraged users to change their log-in details “out of caution”. It said it had also increased detection and monitoring for the affected accounts.
The incident follows the discovery in January of more than 770 million e-mail addresses from a variety of services in an online database allegedly used by hackers.