Update: Microsoft has now confirmed that MSN and Hotmail email accounts were also breached.
Microsoft has revealed this morning that a hacker was able to access Outlook.com accounts for several months. As detailed by The Verge, Microsoft discovered that a support agent’s credentials for Outlook.com were compromised for a 3-month window.
Microsoft says that a hacker had access to the support agent’s account from January 1st through March 28th, 2019. The hackers could view email addresses, folder names, and email subjects, but not actual emails themselves or attached files. The credentials used in the hack have since been disabled.
Microsoft has emailed users whose account information was affected by this breach. While no account passwords were accessible by the hackers, Microsoft is still advising affected users to change their password. The company also advises users be on the lookout for phishing scams and emails that ask for any sort of payment.
Details of the breach are still unclear, including how many users were affected. It’s also unknown how the hacker(s) were able to gain access through the support agent’s account in the first place.
It is important to note that your email login credentials were not directly impacted by this incident. However, out of caution, you should reset your password for your account.”
If you were affected by this Outlook.com breach, you should receive an email from Microsoft. Nonetheless, it might be wise for all Outlook.com users to change their password either way. You can read instructions on how to do so via Microsoft’s support website.