Microsoft this week admitted that “cybercriminals” have compromised a small number of Outlook.com accounts. But the firm says it has no idea how the accounts were compromised.
“Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals,” a Microsoft statement provided to TechCrunch reads. “We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.”
Here’s what we do know.
The accounts were compromised during January, February, and March 2019.
To access the customer accounts, the cybercriminals first compromised Microsoft support representative accounts. Microsoft doesn’t know how this happened, but it has since disabled those accounts.
“You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source,” a Microsoft email to the compromised customers reads. The problem being, of course, that Microsoft support representatives should generally be trusted.
The compromises only include consumer Outlook.com accounts, not commercial (business) accounts of any kind.
Though email login credentials were not directly impacted by this incident, Microsoft is recommending that all impacted customers reset their email passwords as a precaution.