Last Saturday, Microsoft confirmed to TechCrunch a security breach in its mail service, which includes Hotmail, Outlook and MSN accounts, which allowed unidentified hackers to have accessed users' content such as the subject or mail owner. , as well as the names of the people to whom the mail was addressed and the names of the mail folders, according to Microsoft.
Today, according to new information obtained by Motherboard, this security breach was larger than previously thought, since the attackers would have had full access to the Hotmail, Outlook and MSN accounts, that is, from the contents of the emails, up to calendars, user profiles and logins of logins.
There is no information on the number of affected
According to the statements of Microsoft, an undetermined number of users saw their accounts compromised between January 1 and March 28, 2019, after a group of hackers had access to a customer support account, the which allowed them to access this information.
Microsoft states that the content of the emails as well as the attachments were not affected in this security breach, and that once the intrusion was detected, the credentials were deactivated. They also confirm that no password of the affected users was stolen.
"We identified that the credentials of a Microsoft support employee were compromised, which allowed non-Microsoft people to access the information within the email accounts."
Img Src
Now, Motherboard claims to have another version, since, according to its sources, the scope of this intrusion was much greater and spanned at least a period of six months. And, contrary to what Microsoft says, hackers would have had access to all mail content, including attachments, and would only have affected free accounts and not those of payment or corporate.
In fact, Motherboard claims that the stolen credentials belonged to a support user with high privileges, who might even have had access to accounts of other support agents to expand the scope of the attack.
Given this, Microsoft confirmed that this gap affected approximately 6% of users, but did not offer an exact figure. On the other hand, Redmond's company rejected the information that the attack was present for at least six months, as stated by Motherboard.