UPDATED 21:38 EST / APRIL 14 2019

SECURITY

Hackers gain access to Microsoft email accounts for nearly three months

An unknown number of Microsoft Corp. email account users, including those using Outlook and Hotmail, may have had details of emails stolen in a hack that lasted from Jan. 1 to March 28.

A hacker or group of hackers gained access to a customer support account for Microsoft, from which they then got access to information on customer accounts, including whom they communicated with.

In confirming the hack over the weekend, Microsoft claimed that the attackers accessed an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicated with — “but not the content of any e-mails or attachments.” That last was quickly disputed, with Microsoft later admitting to Motherboard that the hackers had gained access to the content of some customers’ emails, about 6 percent of those affected.

Why Microsoft would first deny that the content of victims’ emails had been accessed, then when confronted with evidence to the contrary change its statement, was not immediately clear. The hacks only affected consumer accounts, not paid enterprise accounts thanks to the limited access level of the breached customer service account.

In an email to affected users, Microsoft noted that it “regrets any inconvenience caused by this issue,” and that they should be “assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”

That protection includes an audit of customer service accounts to make sure that no further are compromised, particularly given that the hackers remained undetected for three months.

Although the data breach is a problem for Microsoft, the next challenge will likely be the involvement of the European Union. Without providing numbers of those affected, it’s known that at least some of them were in the European Union, meaning that the data breach will fall under the purview of the EU General Data Protection Regulation. Because of that, an EU investigation is likely to follow into whether Microsoft complied with the regulation and whether it did its best to prevent the hack.

Image: Microsoft

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU