Submitted via IRC for SoyCow1984
Microsoft: Hackers compromised support agent’s credentials to access customer email accounts
On the heels of a trove of 773 million emails, and tens of millions of passwords, from a variety of domains getting leaked in January, Microsoft has faced another breach affecting its web-based email services.
Microsoft has confirmed to TechCrunch that a certain “limited” number of people who use web email services managed by Microsoft — which cover services like @msn.com and @hotmail.com — had their accounts compromised.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson in an email.
According to an email Microsoft has sent out to affected users (the reader who tipped us off got his late Friday evening), malicious hackers were potentially able to access an affected user’s e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with — “but not the content of any e-mails or attachments,” nor — it seems — login credentials like passwords.
Microsoft is still recommending that affected users change their passwords regardless.
The breach occurred between January 1 and March 28, Microsoft’s letter to users said.
(Score: 0) by Anonymous Coward on Tuesday April 16 2019, @01:53PM
"Possibly they have a REALLY weird infrastructure"
Not so much. The email text is small so it is processed by the FBI, the file attachments are large so they are processed by the NSA. Two databases with a common index, easy peasy.