Hackers Use Microsoft Help Desk to Pull Off Massive Email Breach


By Jack M. Germain
Apr 16, 2019 10:31 AM PT

Hackers piggybacked onto a Microsoft customer support portal between Jan. 1 and March 28 to gain access to the emails of noncorporate account holders on webmail services Microsoft manages, including MSN.com, Hotmail.com and Outlook.com.

Microsoft has confirmed that a “limited” number of customers who use its Web service had their accounts compromised. However, as more details have surfaced, it appears the intrusion may have been more widespread than implied.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” Microsoft spokesperson Elissa Brown told the E-Commerce Times.

Microsoft sent email notices to affected users over the weekend reporting that “bad actors” potentially had been able to access their email addresses, folder names, the subject lines of emails and the names of email addresses the user contacted.

“Out of an abundance of caution, we also increased detection and monitoring for the affected accounts,” Brown said.

The hackers could not see the content of any emails or attachments, or login credentials like passwords, according to Microsoft.

The hackers got into the system by compromising a customer support agent’s credentials, according to