It is possible that an unknown number of users of Microsoft email accounts Corp (Microsoft employee accounts), including those using Outlook and Hotmail, have had an information exhibition of emails that were stolen in a hack that lasted from January 1 to March 28.
And is that a hacker or a group of hackers (it is not yet known if he acted in a group) gained access to a Microsoft customer service account, from which they obtained access to the information of the clients' accounts, including who they contacted.
By confirming the hack over the weekend, according to an email Microsoft sent to affected users.
The problem got out of hand with Microsoft
Microsoft claimed that the attackers accessed the email address of an affected user to folder names, to the subject lines of emails, and to the names of other email addresses that the user contacted.
"But not the content of any email or attachment".
The latter was quickly discussed and Microsoft admitted later that the hackers had gained access to the content of the emails of some clients, approximately 6 percent of those affected.
First he denies and before the pressure he ends up accepting
The reason why Microsoft I would first deny that the content was accessed from the emails of the victims, then when faced with the evidence of the statement change, although it was not immediately clear.
The hacks only affected consumer accounts, not business accounts paid thanks to the limited access level of the breached customer service account.
In an email to affected users, Microsoft noted that:
"Regrets any inconvenience caused by this issue," and that you should be "assured that Microsoft takes data protection very seriously and has involved its internal security and privacy teams in investigating and resolving" the issue, " as well as the additional strengthening of systems and processes to prevent such recurrence «.
That protection includes an audit of customer service accounts to make sure they are no longer compromised, especially since hackers went undetected for three months.
In your breach notification email, Microsoft said it immediately disabled the support account compromised customer once the company discovered the problem.
"We have identified that the credentials of a Microsoft support agent were compromised, allowing people outside of Microsoft to access information within your Microsoft email account."
Microsoft will have to face the consequences
Although data breach is a problem for Microsoft, the next challenge will probably be the involvement of the European Union.
Without providing the number of people affected, it is known that at least some of them were in the European Union, which means that the data breach will be within the scope of the EU General Data Protection Regulation.
Because of that, an EU investigation is likely to look into whether Microsoft complied with the regulation and did everything possible to prevent the attack.
Microsoft continues to recommend that affected users change their passwords independently.
Even though it doesn't hurt if you are a user of any of Microsoft's email services, don't think twice about changing your password.
Since three months is a long time for this person or group to have access to the information of many email accounts, in addition to that many of us know that they tend to minimize the problem when it really is quite large.
So in addition to verifying your account details and (personal recommendation) activate two-step verification.