Microsoft admitted last week to a data breach involving its web-based Outlook service, but that acknowledgment seems to have omitted a piece of crucial information. The software giant confirmed then that only the e-mail addresses of users, folder names, and subject lines were accessed by the hackers, excluding any email content or attachment.
A new report from Motherboard, however, claims otherwise. Citing a source with hands-on knowledge of the matter, the news outlet reports that content from several Outlook, MSN, and Hotmail accounts was also accessed after the credentials of a Microsoft customer support agent had been compromised by hacking. Microsoft has since reportedly confirmed this, though it added that only around 6% of the affected Outlook customers had their email content exposed to the hack.
The Outlook breach took place from January 1 to March 28 of this year. However, it's not clear how many accounts were impacted in general. It remains uncertain as well where the hack occurred, although it's likely that a number of those affected are based in Europe. The hack impacted only those consumers who use the non-premium Outlook version, meaning corporate customers are not affected.
According to the report, the Microsoft support account that was compromised belonged to an employee with a higher level of privilege that allowed full access to email content. The Redmond giant has since addressed the issue and blocked hackers' access in addition to sending breach notifications to affected customers. Here's the company's full advisory sent to customers:
Microsoft also said it has beefed up its security measures, although questions as to how the support agent's account was compromised remain unanswered.