An unknown hacking group may have breached the Microsoft Outlook support agent service in a recent attack against the company. This has allowed the hackers to gain sensitive data about the users on the email platform — they were able to hijack data in the period between 1 January 2019 and 28 March 2019.
Sensitive Microsoft Outlook Data Stolen By Hackers
An alarming security incident has been reported to have impacted the support portal used by the Microsoft Outlook service. News of this warning came not from a security company or researcher, but by a user on the Reddit social network who reported to have received a notification from the service. According to the message Microsoft has informed users that a breach has been made. The information that we know for sure so far is that the criminal has accessed private record in the period between 1 January 2019 and 28 March 2019.
The hackers have been able to take over the credentials of Microsoft Outlook support agents and use them in order to harvest as much data as possible about the victim users. What we know is that the criminal collective has been able to hijack account data, but not the content of their emails or any file attachments. The information that can be retrieved using such credentials includes the following:
- Email Addresses
- Folder Names
- Subject Lines
- Names of email addresses that the users have interacted with
What’s more alarming about the security incident is that there is no information available about the exact mechanism the victims have used. As a precaution Microsoft has revoked all abused credentials and is actively notifying all users that might have been impacted. At the moment the total number of affected users is not known and/or revealed.