SECURITY
SECURITY
SECURITY
Hackers gain access to Microsoft email accounts for nearly three months
An unknown number of Microsoft Corp. email account users, including those using Outlook and Hotmail, may have had details of emails stolen in a hack that lasted from Jan. 1 to March 28.
A hacker or group of hackers gained access to a customer support account for Microsoft, from which they then got access to information on customer accounts, including whom they communicated with.
In confirming the hack over the weekend, Microsoft claimed that the attackers accessed an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicated with — “but not the content of any e-mails or attachments.” That last was quickly disputed, with Microsoft later admitting to Motherboard that the hackers had gained access to the content of some customers’ emails, about 6 percent of those affected.
Why Microsoft would first deny that the content of victims’ emails had been accessed, then when confronted with evidence to the contrary change its statement, was not immediately clear. The hacks only affected consumer accounts, not paid enterprise accounts thanks to the limited access level of the breached customer service account.
In an email to affected users, Microsoft noted that it “regrets any inconvenience caused by this issue,” and that they should be “assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”
That protection includes an audit of customer service accounts to make sure that no further are compromised, particularly given that the hackers remained undetected for three months.
Although the data breach is a problem for Microsoft, the next challenge will likely be the involvement of the European Union. Without providing numbers of those affected, it’s known that at least some of them were in the European Union, meaning that the data breach will fall under the purview of the EU General Data Protection Regulation. Because of that, an EU investigation is likely to follow into whether Microsoft complied with the regulation and whether it did its best to prevent the hack.
Image: Microsoft
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
