Microsoft customer service breached

Microsoft recently confirmed that the login credentials of one of its customer support agents were compromised.

This allows unknown third parties to log in and gain access to data contained in an unspecified number of users' Hotmail and Outlook email accounts. The exposure occurred between January 1 and March 28 of this year (2019).

When news of the breach first emerged

"We have identified that a Microsoft support agent's credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account. This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails, and the names of other email addresses you communicate with), but not the content of any emails or attachments...it is important to note that your login credentials were not directly impacted by this incident."

In our view, the last line is the most important in the formal statement.  The hackers were able to glean some information from an unknown number of accounts, but they did so by proxy through the lens of a compromised support account, and not by stealing actual login credentials of users.

Since the company's announcement, there have been conflicting reports that suggest the breach may have been more serious than Microsoft is currently claiming.  As such, our recommendation is that if you have a Hotmail or an Outlook.com account, the best course of action would be to exercise an abundance of caution and change your password right away.  It's far better to be safe than sorry.

Our perspective

Also be aware that since hackers may have gleaned your email address as a result of their snooping, you are somewhat more likely to be on the receiving end of phishing emails in the weeks and months ahead.  Be on your guard against that.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, and nonprofit companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business