Microsoft email hack was worse than first thought -- some users' messages were accessed
Over the weekend we reported that hackers gained access to Microsoft's web-based email services for a period of three months. Microsoft tried to calm users' concerns by saying that only "your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with" had been accessed. But for some people, things were rather worse.
It transpires that some users have been sent a notification from Microsoft informing them that hackers were able to access the content of emails.
- Microsoft reveals hackers gained access to its web email services for three months
- How to secure Windows 10 -- Microsoft reveals SECCON framework to protect systems
- April's Patch Tuesday updates are causing Windows to freeze or slow down
Having already publicly confirmed the initial details of the hack, Microsoft has now said to Motherboard that the hackers were "able to access email content from a large number of Outlook, MSN, and Hotmail email accounts". The site was tipped off about the greater extent of the hack by an unnamed source, and the fact that email messages -- rather than just subject lines -- had been accessed was subsequently confirmed by Microsoft.
In our original story, we shared the email that Microsoft was sending out to those who had been affected by the attack, explaining that hackers had only been able to access a limited amount of information. But a number of people received a different email that indicated hackers had wider access, including to email contents.
In a statement given to the Verge, a Microsoft spokesperson said:
Our notification to the majority of those impacted noted that bad actors would not have had unauthorized access to the content of e-mails or attachments. A small group (~6 percent of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support.
Microsoft has not revealed how many people have been affected by the matter, nor has it given any indication that it knows who was responsible.