You'll want to keep an eye out for suspicious activity if you use Microsoft's webmail services. The company has confirmed to TechCrunch that "cybercriminals" compromised a "limited number" of its web-based email accounts between January 1st and March 28th by using a customer support rep's credentials. The breach didn't expose sign-in details or message contents, but it did offer access to email addresses (including names of addresses in conversations), subject lines and custom folder names.
It's not certain how many people were affected, or where the largest group of victims was. Some of them were likely in the European Union, though, as Microsoft is offering contact info for its data protection officer. Enterprise customers also weren't involved. The tech firm's email offerings include everything from modern Outlook.com accounts through to legacy Hotmail and MSN addresses.
This is unlikely to be as far-reaching as the breach that touched on more than 772 million email addresses, but it's still a substantial violation of privacy. The attackers could theoretically use this not just for spam, but to piece together details of users' personal lives and rely on that for fraud and identity theft.