Microsoft has warned Outlook users that their accounts may have been compromised due to a breach earlier this year.
Between January and March 2019, accounts could have been put at risk due to a customer support worker’s credentials being compromised, the company said.
An email was sent to affected users last week, which explained the situation. According to Microsoft, bad actors may have been able to access information belonging to Outlook users, which includes email addresses, contacts’ email addresses and subject lines contained with certain emails.
“Our data indicates that account-related information (but not the content of any emails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” the company stated.
Microsoft emphasised the need for increased user vigilance following the discovery and recommended that people watch out for potential phishing attempts by cybercriminals.
“Microsoft regrets any inconvenience caused by this issue,” the company said. “Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”
A spokesperson for the company shed additional light on the potential scale of the breach, suggesting that it only affected a “limited subset of consumer accounts.”
The issue was resolved by disabling the compromised credentials and blocking access to the perpetrators. However, despite Microsoft’s attempt to calm users, technology news website Motherboard reported that the breach was more significant than the company eluded to; with some users’ email content and inboxes being exposed.
Microsoft said that around 6% of the users affected could have been especially vulnerable, with cybercriminals potentially having access to detailed information.