Microsoft has confirmed its Outlook.com browser-based email client has been hit by a major hack recently. The company says the service has been breached for months. While Microsoft will not offer specific numbers on the amount of accounts affected, the problem seems to be much worse than originally thought.
In a statement, Microsoft said hackers obtained subject lines of emails and the names of people within conversations. While this Outlook.com breach was problematic, the company played down the severity.
“Our notification to the majority of those impacted noted that bad actors would not have had unauthorized access to the content of e-mails or attachments,” said a Microsoft spokesperson in a statement to The Verge. “A small group (~6 percent of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support.”
However, a new report from Vice Motherboard suggests the issue is much worse than Microsoft admitted. Indeed, hackers could also read entire emails and all the information they may contain.
It seems hackers did not infiltrate Outlool.com directly, but instead entered through Microsoft customer support. A tool in Outlook allows support teams to take full remote access of Outlook.com emails. Hackers infiltrated the support network and gained access to the email client.
This is no brief attack either as the report suggests hackers broke into the support tool at least six months ago. They have had access to emails until Microsoft discovered the breach at the end of last month. It is worth noting the company says this claim is untrue and the actual dates for the breach are from Jan. 1, 2019 until Mar. 28, 2019.