Microsoft this week admitted that “cybercriminals” have compromised a small number of Outlook.com accounts. But the firm says it has no idea how the accounts were compromised.
“Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals,” a Microsoft statement provided to Techcrunch reads. ”We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.”
Here’s what we do know.
The accounts were compromised during January, February, and March 2019.
To access the customer accounts, the cybercriminals first compromised Microsoft support representative accounts. Microsoft doesn’t know how this happened, but it has since disabled those accounts.
“You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source,” a Microsoft email to the compromised customers reads. The problem being, of course, that Microsoft support representatives should generally be trusted.
The compromises only include consumer Outlook.com accounts, not commercial (business) accounts of any kind.
Though email login credentials were not directly impacted by this incident, Microsoft is recommending that all impacted customers reset their email passwords as a precaution.
<p>gladly many people use google … oh wait…</p>
<blockquote><em><a href="#420466">In reply to Winner:</a></em></blockquote><p>search for google data breach, enjoy</p>
<p>Wait a second…..didn't Saint Satya say this a few years ago (lol), "Security Is The 'Most Pressing Issue Of Our Time'"</p><p><br></p><p><span style="color: rgb(51, 51, 51);">To execute on this, Nadella said, Microsoft will be building out a comprehensive platform that will extend from protection to detection to response, tying in threat intelligence to allow for a more proactive approach, and forming partnerships with other vendors in the IT industry.</span></p><p><br></p><p>That was about 4 years ago!</p><p><br></p><p>I swear…Microsoft is such a "hot mess" and they are trying to sell their products and services to the public? (LOL)</p><p><br></p><p><br></p>