On Friday, Microsoft sent notification emails to some users, informing Outlook account owners of a breach the company suffered that may also have impacted Outlook users directly.
According to Microsoft, between January 1, 2019, and March 29, 2019, a hacker, or group of hackers, compromised the account of a Microsoft support agent, one of the company’s customer support representatives who handle technical complaints.
The OS maker said it disabled the compromised support agent’s credentials as soon as it learned of the unauthorized intrusion; however, the company said there is a possibility that the hacker accessed and viewed the content of some Outlook users’ accounts.
“This unauthorized access may have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments,” Microsoft said in the email sent to customers.
However, former Microsoft engineers have contested this claim, that support agents cannot view users’ email content.
“They’ll see how many emails you have, where the database lies, email content, last person you emailed,” one former engineer told ZDNet via encrypted chat.
ZDNet contacted Microsoft for clarification regarding this claim, and we were told that the email notification was, indeed, accurate and that the hacker did not access users’ email content or attachments, but the company did not go into further details.
In follow-up questions with other Microsoft engineers, we were also told that the confusion about what the hacker might have accessed depends on whose account the hacker accessed, as the term “support agent” is used both for tech support staff and for engineers working with Microsoft’s enterprise customers. The latter have elevated access over servers because they usually deal with more complex issues.
In the meantime, the company is recommending that users who received the email about this recent breach change their Outlook.com credentials, “out of caution,” even if hackers did not access Outlook users’ passwords.
ZDNet understands that the incident only affected a small number of Microsoft Outlook users and that Microsoft has also increased detection and monitoring for the affected accounts, just to make sure there is no unauthorized access to these accounts.
TechCrunch first reported and confirmed the hack earlier today.
Article updated to include more details about support agents’ different access levels.