Over the weekend, Microsoft confirmed that its email services suffered a breach, allowing hackers to view data associated with MSN, Hotmail, and Outlook email accounts.
In a statement to TechCrunch, Microsoft said that the hackers had used a customer support agent’s compromised credentials to view users’ email addresses, folder names, subject lines, and lists of email addresses that affected users had corresponded with.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson told TechCrunch in a statement.
In its initial statement, Microsoft said that the contents of emails weren’t visible to the hackers. However, Motherboard later confirmed with Microsoft that email contents for “around six percent” of customers affected by the breach were impacted.
Microsoft has sent out email notifications to those who were affected by the breach, and it recommends that users change their passwords as a precautionary measure. The company says that hackers had access to the information between January 1 and March 28, but an anonymous source speaking with Motherboard offered a conflicting timeframe, saying that “hackers had access for at least six months.”
According to Microsoft, corporate-level accounts were not affected by the breach.