Microsoft has admitted that Outlook.com was hacked. The hackers are confirmed to have had access to Outlook.com, and therefore also to Hotmail and MSN email, from 1st January to 28th March 2019. There are conflicting reports on the internet about the levels of access the hackers had to different accounts.
Take control of your email account and your privacy
Microsoft’s comments on Outlook.com
Microsoft has not yet confirmed how many users have been affected. We know that some of them are in the EU, as Microsoft has published information in line with the GDPR. The company claims that all affected users have been informed and given information to help them. Microsoft also states that no logon information was obtained in the breach, so it seems strange that affected users were also advised to change their passwords. Some users were locked out of their accounts until they had changed their passwords.
How long has it been going on
Some websites reported that the hackers have had access for around six months. Microsoft has said that this is incorrect and points to its earlier release stating that the breach lasted only from 1st January to 28th March 2019. Microsoft also claims that only 6% of the original, undisclosed number of hacked users have had their email and attachments read. According to its press release, the original hack only allowed email titles and some other account information to be read. This has also been disputed, but given the lack of information from Microsoft about the level of access and the quantity of data the hackers obtained, we can only surmise.
What actually happened
It is known that the hackers obtained a customer support agent's logon credentials. They were able to use these to access users' email accounts, and some believe that they were able to send emails. There is no doubt that they had access to calendar and contact information for all affected users, and this is where much of the real concern comes from. Not only have they been able to read people's emails and gain information from them, but they also have access to everyone those people know. This means that there is likely to be an increase in phishing emails sent to users. These emails will contain your email address and the name your contacts call you, and moreover the correct way the real person would sign off an email to you. This increases the probability that you will follow the instruction in the email to click the link.
What can you do about it
Well, if you are intent on keeping your outlook.com (or Hotmail or MSN) address then you should immediately change your password, as per Microsoft’s warning. Other than that, there is little you can do. There are many reports of incidents involving the customer services of large companies that are too lax in their security.
It is recommended that you move from Outlook.com, or any similar email provider such as Hotmail, MSN, Gmail, Yahoo Mail, AOL, etc., to a secure email platform hosted by a company that takes security seriously. Some examples are SecuredMail.App and BasicMail from CritchCorp Computers Ltd. They also have cloud email that includes much more for those with a bigger budget.