Attackers were able to get into Microsoft email services and gain access to user accounts after compromising a support agent’s credentials, Microsoft said.
“We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails, and the names of other email addresses you communicate with), but not the content of any emails or attachments, between January 1 2019 and March 28, 2019,” Microsoft said in a notification to users.
Microsoft immediately disabled the compromised credentials.
Microsoft also said “Our data indicates the account related information (but not the content of any emails) could have been viewed.
As a result of the incident, Microsoft went on to say, victims may receive phishing emails or other spam emails.
Click here to view Microsoft’s notification.