Microsoft: Hackers compromised support agent’s credentials to access customer email accounts


Tech / Techcrunch 643 Views 0

On the heels of a trove of 773 million emails, and tens of tens of millions of passwords, from quite a lot of domains getting leaked in January, Microsoft has confronted one other breach affecting its web-based e-mail providers.

Microsoft has confirmed to TechCrunch that a sure “restricted” quantity of people that use net e-mail providers managed by Microsoft — which cowl providers like and — had their accounts compromised.

“We addressed this scheme, which affected a restricted subset of shopper accounts, by disabling the compromised credentials and blocking the perpetrators’ entry,” stated a Microsoft spokesperson in an e mail.

In line with an e-mail Microsoft has despatched out to affected users (the reader who tipped us off obtained his late Friday evening), malicious hackers have been probably capable of entry an affected consumer’s e-mail tackle, folder names, the topic strains of e-mails, and the names of other e-mail addresses the consumer communicates with — “but not the content of any e-mails or attachments,” nor — it seems — login credentials like passwords.

Microsoft continues to be recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft’s letter to customers stated. 

The hackers acquired into the system by compromising a buyer help agent’s credentials, in line with the letter. As soon as identified, these credentials have been disabled. Microsoft informed users that it didn’t know what knowledge was seen by the hackers or why, however cautioned that users may in consequence see extra phishing or spam emails in consequence. “You ought to be cautious when receiving any e-mails from any misleading domain identify, any e-mail that requests personal info or cost, or any unsolicited request from an untrusted source.”

We're printing the complete text of the email under, but a separate e mail despatched to us, from Microsoft’s Info Safety and Governance workforce, confirmed a few of the primary particulars, adding that it has elevated detection and monitoring on those accounts affected.

Microsoft just lately turned aware of a problem involving unauthorized entry to some clients’ web-based e mail accounts by cybercriminals. We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A restricted variety of shopper accounts have been impacted, and we now have notified all impacted clients. Out of an abundance of caution, we also increased detection and monitoring to further shield affected accounts. 

No enterprise clients are affected, TechCrunch understands.

Proper now, a whole lot of question marks remain. It’s unclear exactly how many people or accounts have been affected, nor during which territories they are situated — but plainly at the very least some have been within the European Union, since Microsoft also supplies info for contacting Microsoft’s knowledge safety officer in the region.

We additionally don’t understand how the agent’s credentials have been compromised, or if the agent was a Microsoft worker, or if the individual worked for a 3rd social gathering providing help providers. And Microsoft has not explained the way it found the breach.

We have now asked Microsoft all the above and can replace this submit as we study extra.

In this age the place cybersecurity breaches get revealed each day, e-mail is among the mostly leaked pieces of private info. There’s even been a website created dedicated to serving to individuals work out if they are amongst those who have been hacked. Have I Been Pwned, as the location is known as, now has over 7.8 billion e mail addresses in its database.

We’ll update this publish as we study more. The letter from Microsoft to affected users follows.

Pricey Buyer

Microsoft is committed to providing our clients with transparency. As a part of maintaining this belief and dedication to you, we're informing you of a current event that affected your Microsoft-managed e mail account.

We've got identified that a Microsoft help agent’s credentials have been compromised, enabling individuals outdoors Microsoft to access info within your Microsoft e-mail account. This unauthorized entry might have allowed unauthorized events to entry and/or view info related to your e-mail account (akin to your e-mail handle, folder names, the topic strains of e-mails, and the names of other e-mail addresses you communicate with), but not the content material of any e-mails or attachments, between January 1st 2019 and March 28th 2019.

Upon awareness of this situation, Microsoft instantly disabled the compromised credentials, prohibiting their use for any further unauthorized entry. Our knowledge indicates that account-related info (but not the content material of any e-mails) might have been seen, but Microsoft has no indication why that info was seen or how it might have been used. In consequence, you might receive phishing emails or different spam mails. You have to be cautious when receiving any e-mails from any deceptive area identify, any e-mail that requests personal info or cost, or any unsolicited request from an untrusted source (you possibly can learn extra about phishing assaults at windows/safety/threat-protection/intelligence/phishing).

It is very important observe that your e mail login credentials were not instantly impacted by this incident. Nevertheless, out of warning, you must reset your password in your account.

In the event you require further assistance, or have any further questions or considerations, please be happy to succeed in out to our Incident Response Staff at In case you are a citizen of European Union, you might also contact Microsoft’s Knowledge Safety Officer at:

EU Knowledge Safety Officer
Microsoft Eire Operations Ltd
One Microsoft Place,
South County Business Park,
Leopardstown, Dublin 18, Eire

Microsoft regrets any inconvenience brought on by this problem. Please be assured that Microsoft takes knowledge safety very significantly and has engaged its inner safety and privateness teams in the investigation and determination of the difficulty, in addition to further hardening of methods and processes to stop such recurrence.

Updated with comment from Microsoft.