Microsoft Discloses Severe Email Accounts Breach That Lasted for Months

Written by Bill Toulas
Last updated July 14, 2021

An undisclosed number of Microsoft accounts concerning users of Outlook Email, Hotmail, and MSN have been breached by hackers, following the compromise of a high-privileged customer support user account. According to a report by the Motherboard, who have been gathering information about the incident since last month, there is a certain amount of controversy between what Microsoft admits to and what their secret inside sources have shared with them. More specifically, the type of information that the hackers managed to access, as well as the duration of the breach are far more grave than what Microsoft concedes.

More specifically, in the notification email that Microsoft customers received, the tech giant maintains that they have identified that one of their support agent’s credentials have been compromised, enabling outsiders to access and view information related to email accounts belonging to customers, but not corporate clients. The accessible information includes the email address, folder names, subject lines of e-mails, and the names of other e-mail addresses the customers communicated with. In the same message, they made it clear that no email content could be accessed by hackers. Finally, the date of the breach is defined to span between January 1st, 2019 and March 28th, 2019. Microsoft affirms that they have addressed the scheme, and the number of consumer accounts was characterized as a “limited subset”.


image source:

However, the situation could be far dire than what the company’s communications department would like to convey to the public. According to inside sources that have been sharing vital information about the incident with Motherboard, the hackers had access to the “Email Body” panel as well, which practically means that they could read the contents of the e-mails of the affected accounts. When the website presented this evidence in the form of a screenshot, Microsoft replied by clarifying that there was indeed a far smaller number of customers who were impacted by this additional access level and claimed that they have received the corresponding notification messages.

Was this a piece of dishonesty evidence, a decision to cover information that concerns a very small number of people, or just a moment of negligence? The same inside sources claim that the period of the account access by the hackers spans to a more extensive one than what Microsoft confessed. The source says March was the time that the company discovered the breach, but the evidence indicated at least another three months of malicious monitoring. This makes up for a total of about six months, which is substantially different than what was officially disclosed. Moreover, and on the condition that the sources are indeed truthful, two cases of negligence concerning the same incident don’t nominate Microsoft for the most transparent and honest company out there.

Have you received one of the notifications about your Microsoft account? Let us know of their content by sharing the crucial pieces in the comments section below, and feel free to share a screenshot on our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: