"Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence", the email adds.
San Francisco: Microsoft has alerted some of its mail users of possible hacker attacks that could access their email accounts illegally, media reports said.
Microsoft confirmed to TechCrunch this week that the firm's webmail services have been a victim of a data breach. The issue involved compromised credentials belonging to a support agent that left some accounts exposed to 'unauthorized parties, ' according to Microsoft, with the vulnerability having existed from January 1 to March 28, 2019.
Microsoft noted that it doesn't know which data has been viewed, or the reasons why, but that users may experience increasing phishing or spam emails as a result of the breach, therefore, it advises users to be more vigilant when checking their emails.
Microsoft is committed to providing our customers with transparency.
The OS maker said it disabled the compromised support agent's credentials once it learned of the unauthorized intrusion; however, the company said there might be a possibility that the hacker accessed and viewed the content of some Outlook users' accounts.
The information exposed to hackers includes email addresses, folder names, subject lines of emails, names of other email addresses that users communicate with.
ZDNet understands that the incident only affected a small number of Microsoft Outlook users and that Microsoft has also increased detection and monitoring for the affected accounts, just to be sure there's no unauthorized access for those accounts.
Even though the software giant ensures that no login details or other personal information were stolen by the hackers, the company is recommending that affected users reset their passwords. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.
An email sent out to affected users stated that intruders were possibly able to see a user's email address, the email addresses of those a user corresponded with, email subject lines, and folder names the user had set up, but not the actual email contents or any passwords.