Attackers hacked support agent to access Microsoft Outlook email accounts

Bad news for users of the Microsoft Outlook email service, hackers have compromised the Microsoft Support Agent to access their email accounts.

Earlier this year, hackers breached Microsoft’s customer support portal and gained access to some email accounts registered with the Microsoft’s Outlook service.

Microsoft notified some of its users the security breach, it confirmed via email that hackers have accessed information about their OutLook account between 1 January 2019 and 28 March 2019.

Several Reddit users confirmed to have received a data breach notification email from Microsoft and one of them published an image of the message:

Microsoft security breach notification email states that unknown attackers were able to compromise credentials for one of Microsoft’s customer support agents. The company did not provide additional details on the way the hackers compromise the employee’s account either the number of affected accounts.

A Microsoft’s customer support agent can view account email addresses, folder names, subject lines of emails, and the email addresses a user sent messages. The attackers used compromised credentials to access information belonging to the affected accounts. The company pointed out that attackers were not able to access the content of the emails or attachments.

“Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” reads the breach notification email.

Experts at THN highlighted that even the two-factor authentication was not able to prevent users’ accounts.

Microsoft disabled the compromised credentials:

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”

Microsoft recommended all users, even not affected ones, to reset the passwords for their Microsoft accounts as a precautionary measure.

“Microsoft regrets any inconvenience caused by this issue,” concludes the company. “Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as. additional hardening of systems and processes to prevent such recurrence.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Outlook)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.