Microsoft says miscreants accessed some of its customers’ webmail inboxes and account data after a support rep’s administrative account was hijacked.
The Redmond software giant has sent Hotmail, MSN, and Outlook cloud users notifications that the unnamed customer support rep’s account was compromised by hackers who would have subsequently gained “limited access” to certain parts of some customer email accounts, including the ability to read messages in particular cases.
In the alert, Microsoft warns its punters that, between January 1 and March 28 of this year, the attacker, or attackers, would have had the ability to extract certain information from their inboxes, including the subject names of messages, folder names, contact lists, and user email address. The intrusion was limited to consumer (read: free) Microsoft email accounts.
While the aforementioned leaked notification claims the hackers would not have been able to read the content of messages, Microsoft would later admit – after media reports over the weekend – that the intruders could have accessed the contents of messages belonging to a subset of those impacted by the admin account hijacking.
Wait – support guys can read your emails?!