Microsoft’s Outlook.com service has been the subject of a pretty serious hack in recent weeks. Microsoft first confirmed to Techcrunch that its email service has been compromised for months, with hackers being able to access subject lines of emails and names of people within conversations in select Outlook.com accounts.
However, following a new report from Vice’s Motherboard website revealing that hackers were actually able to read the content of emails, Microsoft has been forced to change its stance.
Microsoft undersold scale and severity of breach in its initial statements, which said email content wasn’t compromised. We confirmed email content was readable and that it was abused and used for SIM swapping
— Jason Koebler (@jason_koebler) April 14, 2019
Microsoft confirmed to Motherboard that it sent breach notification emails to Outlook.com users who had their emails read by hackers, and the company added that this was just 6% of users affected by the hack. “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson told Motherboard in a statement.
The hack is apparently the consequence of hackers gaining access to customer support account for Outlook.com, a tool that does give support agents full access to Outlook.com emails. “Microsoft, like many other tech giants, does have the ability to scan or read user’s messages. In 2014, Microsoft looked into the email account of a French blogger to identify a Windows 8 leaker,” highlighted the Motherboard report.
According to Motherboard's source, hackers had access to this compromised support tool for at least six months, until Microsoft spotted the hack at the end of March. The Redmond giant disputes this claim, saying that the breach took place from 1st January 2019 to 28th March 2019. Anyway, this isn't a good look for Microsoft and the email service considered as one of the best alternatives to Google's Gmail.