Microsoft: So serious was the security issue with Outlook, Hotmail and MSN

When strangers look in the mailbox: Microsoft has admitted to a security problem with its email services. Affected users were informed. How big the problem is, however, remains unclear.

Unknown attackers have gained access to the data of some users of Microsoft's e-mail services. The intruders were able to see information such as the e-mail addresses with which they were communicated, the headlines of e-mails and folder names, the group said on the weekend.

For some of the affected users, however, the problem seems to have been even more serious: The motherboard website reports, based on a source not mentioned by name, that attackers in some cases also have the content of emails from Outlook, MSN and Hotmail accounts can read. According to "motherboard", Microsoft has officially confirmed this. So obviously there are two groups of sufferers.

Microsoft had previously expressed, inter alia, on the tech sites "TechCrunch" and "The Verge" on the security problem. It is still unclear how many users overall have to worry about their privacy because of the glitch.

Some of those affected were hit harder

According to the motherboard, the gap basically only concerns private accounts and no business accounts that companies provide to their employees. Microsoft told "Motherboard" that about six percent of the users affected by the crash were informed that their e-mail content was also viewable. How many people or accounts correspond to the hundred percent left the company open.

The attackers had come into the system via stolen credentials of a Microsoft customer service representative, in a Microsoft email, to users of the email services published by TechCrunch and The Verge. It was said that the access existed from 1 January to 28 March. Concerned users had been informed on Friday about the problem, which also triggered the media reports.

Microsoft recommends that users change the password for security. In addition, the company warns against sophisticated phishing attacks based on the captured information. Phishing attempts to capture user access information using fake login pages.

ref: spiegel