Attackers compromised Microsoft support agent’s credentials to access users’ email accounts

• Attackers compromised Microsoft support agent’s credentials and gained access to view ‘limited’ number of users’ email account information.
• Upon learning about the incident, Microsoft immediately disabled the compromised support agent's credentials.

What is the issue - Microsoft notified its users via email that a certain ‘limited’ number of users who use web email services managed by Microsoft might have had their accounts compromised.

What happened?

Attackers compromised Microsoft support agent’s credentials and gained access to view ‘limited’ number of users’ email account information such as email addresses, folder names, subject lines, and the names of other email addresses users have communicated between January 1, 2019, and March 28, 2019.

However, attackers did not view any content of emails or attachments.

What was the immediate action taken?

• Upon learning about the incident, Microsoft immediately disabled the compromised support agent's credentials.
• Microsoft notified the potentially affected users about the incident and provided additional guidance and support.
• The company has requested its users ‘out of caution’ to reset their email account passwords.
• It has further enhanced its detection and monitoring services in order to protect affected accounts.

“As a result, you may receive phishing emails or other spam mails. You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source,” Microsoft said in the email notification, TechCrunch reported.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a spokesperson for Microsoft told TechCrunch in an email.