Founded in 1996, Outlook.com is a web-based suite of webmail, contacts, tasks, and calendaring services developed and offered by Microsoft.
The company says to those receiving the email that they should be extra wary of phishing attempts for the foreseeable future.
Microsoft explains in the notification that it sent to users that hackers were able to access some information, like email folder names and subject lines of emails, but no actual content of the email.
"Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used", the report quoted the company as saying in its email.
The company told affected users in an email that "the content of any emails or attachments" were not accessed in the breach earlier this year, and that it "immediately disabled the compromised credentials" once it became aware of the issue.
We don't know how many accounts that is, because Microsoft didn't provide an estimate of the overall number of users who were hit by this hack.
Microsoft clarified that this "affected a limited subset of consumer accounts" and that the malicious activity began at the start of January 2019 and ran through to nearly the end of March, so essentially lasted three months.
The tech giant says that an employee's credentials were compromised, giving a hacker access to a number of accounts for the first three months of 2019.
Motherboard's source also revealed that hackers actually had access to much longer than the 3 months Microsoft admitted to, saying they were able to read emails for at least 6 months.
Despite the perpetrators not gaining access to account passwords, Microsoft is still recommending that if you've been affected, you should change your password just as a precautionary measure.