According to Microsoft, between January 1, 2019, and March 29, 2019, a hacker, or group of hackers, compromised the account of a Microsoft support agent, one of the company’s customer support representatives that handles technical complaints.
The OS maker said it disabled the compromised support agent’s credentials once it learned of the unauthorized intrusion; however, the company said there might be a possibility that the hacker accessed and viewed the content of some Outlook users’ accounts.
“This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments,” Microsoft said in the email sent to customers.
However, former Microsoft engineers have contested this claim –that support agents can’t view user’s email content.
“They can see how many emails you have, where the database lies, email content, last person you emailed,” one former engineer told ZDNet via encrypted chat.
ZDNet contacted Microsoft for clarification regarding this claim, and we were told that the email notification was, indeed, accurate and that the hacker did not access users’ email content nor attachments, but did not go into further details.
In follow-up questions with other Microsoft engineers, we were also told that the confusion about what the hacker might have accessed depends on whose account the hacker accessed, as the term “support agent” is used for both tech support staff, but also for engineers working with Microsoft’s enterprise customers. The latter have increased accessed over servers because they usually handle more complex issues.
In the meantime, the company is recommending that users who received the email about this recent breach change their Outlook.com credentials, “out of caution,” even if hackers did not access Outlook users’ passwords.
ZDNet understands that the incident only affected a small number of Microsoft Outlook users and that Microsoft has also increased detection and monitoring for the affected accounts, just to be sure there’s no unauthorized access for those accounts.