April 23, 2019
A Microsoft email hack has compromised accounts of Hotmail and Outlook users this month. The company has warned affected users, saying access by the hacker was limited for the most part.
The Microsoft email hack only affected a limited number of users of the webmail services provided by the company. For the most part, the hacker had access to limited information. Microsoft said:
‘We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments.”
The hacker managed to break into the systems at the start of January and was only discovered and rooted out in late March. Microsoft has also confirmed that around 6 per cent of those affected suffered more extensive damage. In a small number of cases the hackers had complete access to their email contents.
The Microsoft email hack was a result of compromised credentials of a third-party support agent. We don’t know as of yet what these credentials were. Were they a password and username, a phone number, a smartcard?
Whatever may have happened, the credentials were compromised. Microsoft is now warning those affected to not let the same happen to them. It said:
“Microsoft has no indication why that information was viewed or how it may have been used. As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source.’
What it all points to, is user log-in systems for both Microsoft internally and for users of their systems should be using the most complex and secure login methods available to limit the chances of compromised accounts.
Here at Global Data Sentinel, we use identity management that utilize biometrics to ensure our log-in methods for our clients are secure. When a fingerprint is needed in the log-in process, you can be confident only your approved users can gain access to your system. Find out more.