Hackers compromised Microsoft’s web-based email services, including Outlook.com accounts, MSN and Hotmail addresses, for months by using a customer support agent’s credentials, a report by Digital Trends reveal.
In an email sent to affected users, Microsoft said that the hackers were possibly able to access email addresses, subject lines of emails, folder labels, and the names of other email addresses that the user contacted.
Fortunately, the content of emails, including attachments, were not compromised, nor were login credentials such as passwords.
The hackers were able to carry out the security breach, which happened from January 1 to March 28, by compromising the credentials of a customer support agent. Microsoft has identified the credentials that the hackers used and disabled them.
Microsoft warned that affected users may receive more spam emails, and may be on the receiving end of phishing attempts.
Affected users are also advised by Microsoft to stay vigilant against such attacks, and are still advised to change their passwords even if the contents of their emails were not compromised because hackers may be able to use the addresses for identity theft purposes.