In recent days, a number of customers of the company has not received a message in which it warned of the possibility that information contained in their accounts could have been violated. Microsoft says that it is a small group of users and that the breach in security was open between January 1 and March 28 of this year.
In the vast majority of cases, hackers they had access to data such as the email address, the names of the internal folders, the objects of the messages and the names of the recipients, but not the keys and other credentials or the contents of the emails, he adds. The attackers “could have had unauthorized access to the contents of the accounts” in the case of 6% of affected users, he says.
Last Saturday, an anonymous Microsoft client published on the Reddit website a screenshot of the alert email received from the company. “We have detected that the credentials of a member of the Microsoft support team have been compromised, which has allowed individuals outside the company to access information contained in their account,” the message read.
In the same email, the technological giant said that, as soon as they became aware of the problem, they disabled the credentials committed to preventing new unauthorized access. However, he admitted that he “has no indications” about why the hackers visualized the information breached or what they did with it. For that reason, it alerted affected users that they can receive phishing messages (a type of virtual scam) or spam and encouraged them to change the password.
Microsoft promised in the message to its clients that the hackers did not visualize the content of the emails of the affected accounts nor the files possibly attached to them. A spokesman added that the attack involved “a limited number of consumer accounts [that is, not accounts used by companies or organizations].” At the moment, the company does not give further information about the number of those affected.
This Sunday, the ZDNet wed published that it had received confirmation from Microsoft that the hackers could have accessed the emails of 6% of the users notified. And this Monday Motherboard, the website of science and technology of the magazine Vice, published that it had further tests, obtained by a source knowledgeable of the situation, that corroborates this information. The medium ensures that Outlook, Hotmail and MSN accounts were hacked.
It is not the first time this year that cases of security failures in email services come to light. A little less than two months ago, Microsoft reported that it had detected 104 attacks on accounts of organizations based in Belgium, France, Germany, Poland, Romania and Serbia. In January, computer security expert Troy Hunt warned that more than 772 million email addresses and 21 million unique passwords had been exposed in a hacker forum.
Hunt said that users whose emails and passwords were present in that filtering were exposed to one or more hackers could try to combine emails and passwords to access the data contained in the accounts or other services, such as social networks or bank accounts, in the that the same credentials had been used.
To check if an account was affected by the massive exposure, the expert made available the tool, which allows you to enter an address and see if it has been hacked. Currently, this page has a registry that includes more than 7.840 million accounts.
The leak of emails detected by Hunt is known as one of the most massive in history. The one that is usually indicated as the worst to date was announced in 2017 when Yahoo admitted that four years earlier more than 3,000 million accounts managed by this company had been uncovered.