Hackers Could View Outlook.com Accounts for Months

Microsoft's Outlook.com email service was compromised earlier this year, the software company has recently revealed. As a

Microsoft’s Outlook.com email service was compromised earlier this year, the software company has recently revealed, leading to hackers able to view sensitive user data.

According to Microsoft, the issue went unnoticed for three months before it closed the vulnerability.

Microsoft have downplayed the issue by stating that the information viewable was limited, but recent news has brought this claim into question.

What Happened?

Outlook was left vulnerable through a third-party support agent with compromised credentials — a customer support portal, according to one source.

Hackers had access to email information for some users between January 1 and March 28, 2019. Microsoft hasn’t revealed how many users were affected by the data leak, aside from stating that it is a “limited subset” of the total Outlook users.

What Details Could the Hackers See?

Not all email details were available to hackers, according to early reports. The vulnerable details definitely included email addresses, folder names, and email subject lines. Not included, according to Microsoft: Text from the body of any emails, any login information or passwords, and any attachments within any emails.

Here’s what Microsoft said:

“Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” Microsoft told affected users in an email, The Verge reported.

However, that initial statement might have under reported the issue.

Could Hackers Access Email?

An anonymous source has told Vice’s Motherboard a different story, saying that the full text of email bodies were vulnerable in some cases.

“But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard. Microsoft confirmed to Motherboard that hackers gained access to the content of some customers’ emails.”

When confronted with these claims by Motherboard, Microsoft told them hackers could indeed have accessed the body of emails received by “around 6 percent of a small number of impacted customers.”

According to Motherboard’s source, paying enterprise users’ accounts weren’t affected, while consumer users’ accounts were.

Granted, that anonymous source hasn’t been proven entirely accurate: They claimed the data breach left users vulnerable for “at least six months,” while Microsoft hasn’t backed down on their assertion that the data was only accessible from the beginning of January until March 28.

Whatever the case, there’s no ignoring how meaningful the information that leaked could be.

Are Outlook.com users now safe?

Microsoft has stated through a spokesperson that they’ve disabled any “compromised credentials” and “block[ed] the perpetrators’ access.”

It looks like Outlook.com users are now secure, for a certain definition of the word. At this point, we’ve seen so many high-profile data breaches in the past few years that a sense of fatigue has set in among some. Nevertheless: Outlook.com users should change their passwords, just as a precaution.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals