Hackers had access to Hotmail, MSN and Outlook emails from a large number of accounts for two months, Microsoft has revealed.
The technology giant confirmed that email accounts of non-corporate users were breached, with the contents of around 6 percent of emails exposed by cybercriminals exploiting a customer support portal.
According to an email sent to the majority of affected users and then posted online, the firm said a Microsoft support agent’s credentials were compromised, potentially allowing unauthorized access to some account information.
For most, this included a person’s email address, folder names, subject lines of emails and the names of other email addresses users communicated with between 1 January and 28 March 2019, but not the content of emails or attachments.
However, when approached for comment on the incident, Microsoft confirmed that a small group of users had also been notified that bad actors could have gained unauthorized access to the wider contents of their emails.
The company said it was providing additional guidance and support to those users.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesman said of the incident.
Microsoft operates email services including Outlook, MSN and Hotmail.
The company has not confirmed the number of accounts, in total, affected by the breach.
The firm warned in its email that users might receive more spam and phishing emails as a result of the incident, and urged users not to click on links from email addresses they did not recognize.
The company added that although password information had not been affected, it encouraged users to change their log-in details “out of caution”.
Microsoft said it had also increased detection and monitoring for the affected accounts.
The incident follows the discovery in January of more than 770 million email addresses from a variety of services in an online database allegedly used by hackers.
The tech giant said Hotmail, MSN and Outlook users affected by the issue have been notified via email.