Microsoft has confirmed to TechCrunch hat a certain “limited” number of people who use web email services managed by Microsoft (such as @msn.com and @hotmail.com) had their accounts compromised. The breach happened between January 1 and March 28, 2019.
According to an email Microsoft has sent out to affected users, malicious hackers were potentially able to access an affected user’s email address, folder names, the subject lines of emails, and the names of other email address the user communicates with. Microsoft says the hackers were not able to access the content of any emails or attachments or login credentials like passwords.
Microsoft recommends that affected users change their password. No enterprise customers are affected by this breach.
The Verge reported that Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this year.
According to The Verge, the security breach happened weeks after a former security researcher pled guilty to hacking into Microsoft and Nintendo servers. Microsoft’s Windows development servers were breached for a number of weeks in January of 2017, allowing hackers across Europe to access pre-release versions of Windows.
The Verge has an image of the email that Microsoft sent to people who had their email accounts breached. TechCrunch has the full text of the letter in their article. If your email account was affected, then you likely have already received that email.
In general, it is a good idea to change your email passwords from time to time. Most people are tech-savvy enough to spot questionable emails and know that they should not click on any link those sketchy emails contain. That said, there will be people who cannot tell the difference and who get phished.
The best solution to prevent hacking would be for big companies like Microsoft to put more effort into preventing hackers from breaching people’s email accounts.