Microsoft Claimed a Security Breach Didn't Compromise Email Messages -- It Did

[InfoSec News <alerts () infosecnews org>]

https://gizmodo.com/microsoft-claimed-a-security-breach-didnt-compromise-em-1834056229

By Dell Cameron
Gizmodo.com
April 15, 2019

A series of security reports published over the weekend have raised serious 
concerns about Microsoft’s transparency in the wake of a recent data breach.

On Saturday, TechCrunch reported that hackers had gained access to the 
company’s email service after compromising a customer support account. 
Microsoft has confirmed that a people using MSN.com, Hotmail.com, and 
Outlook.com accounts were affected, though it’s unclear how many.

The company contacted at least some affected users and assured them that the 
“content of any e-mails or attachments” had not been accessed. Regardless, it 
asked them to change their passwords.

The breach, Microsoft said in an email to some customers, was limited to some 
metadata, including folder names and email account names, plus some limited 
content, e.g., the subject lines of emails. In a statement to TechCrunch, it 
also described the number of accounts affected as “a limited subset of consumer 
accounts.”

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_