"Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used", the company wrote in an email.
On Saturday, TechCrunch reported that Microsoft's Outlook.com web service was breached for around 3 months, between January and March 2019, after "cybercriminals" managed to acquire the credentials of a customer support rep. With these credentials, the hackers could use Microsoft's internal customer support portal, which offers support agents some level of access to Outlook.com accounts.
Microsoft sent a warning to Outlook users detailing a hack that lasted from January 1 to March 28.
According to Motherboard, Microsoft sent a separate email alert to about 6% of the affected users, informing them that their email content had been compromised.
The hack is apparently the result of hackers gaining access to a customer support account for Outlook.com, a tool that does give support agents full access to Outlook.com emails.
However, Microsoft said the hackers could only see the user's email address, folders, and subject lines of messages (as well as addresses the user has emailed), but that they couldn't actually read the contents of an email or view attachments (or indeed gain access to the login credentials of the account). Enterprise accounts were not affected, per Motherboard's source.
In other words, the hackers aren't much interested in the email accounts per se; they just want to get their hands on those important reset-request emails so that they can boost the value of their stolen phones.
No numbers of those affected were provided, but it's known that at least some of them were in the European Union, meaning that the data breach will fall under the purview of the EU General Data Protection Regulation.
The company added that although password information had not been affected, it encouraged users to change their log-in details "out of caution".