Some users of Microsoft’s web-based email services including @msn.com, @hotmail.com, and @outlook.com have had their accounts breached, with the accounts remaining in a compromised state for more than two months.
As TechCrunch and Motherboard report, an email sent out by Microsoft late last week explains that access to its system was gained through compromised Microsoft support agent credentials. Email accounts were then accessed and information including each account’s email address, folder names, subject lines, and the other email addresses communicated with could be viewed.
That was the extent of the breach for most compromised accounts, but around six percent of affected users didn’t get so lucky. The information accessed in their accounts extended to the body of emails, their date of birth, calendar activity, admin center, and their logon history.
The compromise lasted from Jan 1. to March 28., with Microsoft disabling the compromised credentials as soon as it became aware of the situation. Even though email account login details were not accessed in any way, “out of caution” Microsoft is advising those affected to reset their account password. The same advice will be conveyed to anyone who receives this warning email from Microsoft.
The biggest threat posed to users caught up in this compromise is the threat of phishing attacks and email spam. It’s likely the email addresses were taken and sold as a list or added to an existing one of valid email addresses. After that, they are likely to be sent some form of spam, or worse, have compromised files attached to an email that allows for a PC infection or ransomware to take control if opened.
As ever, ensure you are running a good security suite to protect yourself against infection, protect your identity online, and use common sense when reviewing emails, especially if they have attachments you don’t recognize or expect.
YouTube was slammed Monday after live footage of the devastating Notre Dame blaze appeared above a link to information on the 9/11 terrorist attacks. The footage appeared with a link to an Encyclopedia Britannica explainer on 9/11, according to Gizmodo. The Verge reports that the erroneous link appeared briefly beneath live streams used by CBS...
FILE – In this Dec. 17, 2018, file photo, a man using a mobile phone walks past Google offices in New York. (AP Photo/Mark Lennihan, File) To better protect Android users from malicious apps, Google plans on spending more time vetting new developers who want to publish over the Google Play store. The company estimates...