A compromised support account was the source of a major hack targeting non-corporate users of Microsoft’s email services, according to a report by Motherboard on Sunday, the 14th.
The Redmond, Washington-based company started to inform its users about the breach on April 13th and confirmed that attackers could access subject lines, folder names and information about others the individual had interacted with.
Only Microsoft's free offerings were affected; paid, enterprise accounts were spared from the vulnerability.
According to Motherboard’s source, bodies of emails could be accessed by a third party with control over the support account, and the source also provided proof indicating that other information like “Profile,” “Mailbox Folder Stats,” “Admin Center,” and “Logon History” was accessible as well. Microsoft told Motherboard that about six percent of a “small number of impacted customers” had to be informed that email content was accessed.
While the same source claimed that hackers could read emails found in free Outlook, Hotmail and MSN accounts for the last six months, Microsoft subsequently issued a denial. The company said that the timeframe was between January 1 and March 28.
The source explained that the accounts were involved in unlocking iCloud accounts.