Microsoft webmail breach exposed email addresses and subject lines

Email content and logins were safe, however.

Sponsored Links

Jon Fingas/Engadget
Jon Fingas/Engadget

You'll want to keep an eye out for suspicious activity if you use Microsoft's webmail services. The company has confirmed to TechCrunch that "cybercriminals" compromised a "limited number" of its web-based email accounts between January 1st and March 28th by using a customer support rep's credentials. The breach didn't expose sign-in details or message contents, but it did offer access to email addresses (including names of addresses in conversations), subject lines and custom folder names.

It's not certain how many people were affected, or where the largest group of victims was. Some of them were likely in the European Union, though, as Microsoft is offering contact info for its data protection officer. Enterprise customers also weren't involved. The tech firm's email offerings include everything from modern accounts through to legacy Hotmail and MSN addresses.

This is unlikely to be as far-reaching as the breach that touched on more than 772 million email addresses, but it's still a substantial violation of privacy. The attackers could theoretically use this not just for spam, but to piece together details of users' personal lives and rely on that for fraud and identity theft.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget