18 Apr 2019
Reports from Techcrunch a few days ago stated that an email breach occurred between January 1st and March 28th at Microsoft. The breach exposed email addresses and subject lines of an unknown number of accounts, but no actual email content. Microsoft states that a customer support representative’s account credentials were compromised which allowed access to accounts. Microsoft disabled the credential as soon as they discovered the problem. Unfortunately, further investigation by Motherboard revealed that intruders did, in fact, have access to full email contents.
Motherboard’s source provided a redacted screenshot showing the full content of an email, which the publication then showed Microsoft. Other screenshots provided by the source included account information, birth dates, calendars and login histories—an indication that that compromised account likely belonged to a very high privileged user.
Yet Microsoft maintains its stance. “Our data indicates that account-related information (but not content of any emails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” the Microsoft notification says.
Despite lingering questions regarding the incident and conflicting reports, Microsoft is also sticking to their initial assessment that the breach lasted no more than three months. They have also warned users to change their passwords and be on the lookout for phishing and spam emails.
Jeremy Kirk of Databreachtoday stated that Motherboard’s source also claimed that the leaked information could be leveraged to un-pair Apple devices from iCloud accounts, though no reports confirm this suspicion.