Microsoft has sent an email to some Outlook.com users informing them of a security breach. The issue involved compromised credentials belonging to a support agent that left some accounts exposed to ‘unauthorized parties,’ according to Microsoft, with the vulnerability having existed from January 1 to March 28, 2019. The compromised credentials have since been disabled.
Impacted Outlook.com users have received an email detailing the issue. According to Microsoft, anyone who had the credentials were able to view email addresses, folder names, email subject lines, and the email addresses of people the user communicated with, but were not able to view any email contents or attachments.
In Microsoft’s statement to Outlook.com users who received its notification, the company says, “Out data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.”
The potential exists that impacted users could be subjected to phishing emails, increased spam, and other bothersome content. Users who receive this alert should be extra cautious when interacting with emails by verifying that they were sent by a legitimate address and that included links don’t redirect them to random websites that may harvest login info.
Though users’ email login information was not compromised by the security breach, Microsoft is still recommending that its users reset their email passwords. This action can be taken in the account’s security settings menu.