Microsoft has begun notifying some Outlook.com users that their email accounts have been accessible “for months” and requesting that the passwords be changed.
“Microsoft has already resolved the problem, but has not confirmed the number of affected users.”
The company acknowledges that it has discovered a security flaw in its mail service that would have allowed unauthorized access to some of the users’ accounts between January 1st and March 28th of this year.
According to Microsoft, cybercriminals could have seen users’ email addresses, the name of the files they had created as well as the title of their emails. Of course, the content of the emails could not have been seen, always according to the company, nor the attachments that contained.
However, the company has not been clear about the number of users who may have seen their accounts compromised. Neither has it expressly indicated who has been able to access the information of the users.
In an official statement sent by mail to affected users Microsoft has only limited to point out that “according to your data, information relating to the accounts of some users – not the content of any email – could have been seen by third parties.”
Microsoft says it has no more data and does not know why someone would have wanted to see that information. Nor is he aware of why they would have used it.
At least, the company claims that cybercriminals have not had access to users’ passwords or other personal information. In any case, he recommends that passwords be changed as a precaution and apologizes for any inconvenience that might have caused the issue to users.
According to Microsoft, the ruling that allowed illegitimate access has already been resolved, because the compromised credentials have been deactivated and unauthorized access has been blocked. Still, it would be interesting to know the number of accounts that have been compromised.