What is the issue - Microsoft notified its users via email that a certain ‘limited’ number of users who use web email services managed by Microsoft might have had their accounts compromised.
Attackers compromised Microsoft support agent’s credentials and gained access to view ‘limited’ number of users’ email account information such as email addresses, folder names, subject lines, and the names of other email addresses users have communicated between January 1, 2019, and March 28, 2019.
However, attackers did not view any content of emails or attachments.
What was the immediate action taken?
“As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source,” Microsoft said in the email notification, TechCrunch reported.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a spokesperson for Microsoft told TechCrunch in an email.