Microsoft has confirmed that a number of its email services have been breached, with users’ email content potentially exposed.
The tech giant noted in its incident statement on 12 April that the criminal hackers could have viewed email addresses, folder names and email subject lines, but not email content or attachments.
However, according to Motherboard, the issue is far more serious, with the attackers having full access to users’ email content.
Microsoft later admitted that about 6% of affected user accounts potentially allowed for this, but didn’t indicate the number of users affected by the breach, which occurred between 1 January and 28 March this year.
It’s understood that the criminal hackers accessed the system by compromising the credentials of a customer support agent.
Once Microsoft became aware of the unauthorised access, it disabled the compromised credentials.
Although Microsoft has stated that passwords remain unaffected, it is strongly urging users to change them as a security precaution.
Are you prepared for a data breach?
Ponemon Institute’s 2018 Cost of a Data Breach Study found that one in four organisations will suffer a data breach within the next two years.
As cyber attacks become easier to carry out, and the potential damage they cause becomes greater, organisations must improve their cyber defences by taking an integrated and intelligence-led approach to cyber security that considers people, processes and technology.