It’s probably rare to see @msn.com or @hotmail.com or even the newer @outlook.com these days but users of these long-standing email accounts do exist. They may show their age but now they might also be showing something else. Microsoft has recently acknowledged and sent warnings to Outlook.com users about a security breach that allowed hackers to pilfer no small amount of data. Unfortunately, it seems that Microsoft wasn’t admitting to everything and the reach of this compromise is actually worse than it let on.
For one, it wasn’t just Outlook.com accounts that were affected. Even the older Hotmail and MSN accounts had their info exposed, unsurprising considering how these three names are almost like aliases to one each other anyway. More worrying, however, is the fact that hackers were able to read e-mail content, not just subject lines, something Microsoft initially denied.
That information came from a source who reached out to Vice’s Motherboard last March, a month before Microsoft’s public admission. The source reveals that consumer accounts were the ones most affected as enterprise customers were protected against the tool that was used to hack into Outlook accounts.
That tool, which belonged to a high-ranking customer support employee, actually had access to more content than Microsoft told affected accounts. The source showed Motherboard proof that hackers gained access even to content inside emails, contrary to the company’s initial claim. Microsoft later confirmed the fact but clarified that only 6% of the total number of affected accounts had their content read. That said, it doesn’t reveal exact numbers.
Microsoft’s email says that the attack had been ongoing for three months but the source claims that it all occurred within six months. At this point, no one’s sure what else Microsoft isn’t telling affected users.