Microsoft has also added that besides having unauthorized access to some accounts, hackers could have also viewed account email addresses, folder names and subject lines of emails. However, hackers could not see the contents of the emails or attachments, according to the company. As of now, it is not clear how many users have been affected because of this breach or who all were involved in obtaining access to email accounts on Outlook.com. In the email Microsoft sent to affected users, the company said, “Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.”
While the hackers were not able to steal login details or other personal details of these users, Microsoft has recommended all the affected users to reset their passwords. This is reasonable because practising basic online hygiene is absolutely necessary at the time of a data breach. The security notification sent by the company says, “Microsoft regrets any inconvenience caused by this issue. Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.” The security incident has surfaced just weeks after a former security researcher pled guilty of attacking Microsoft and Nintendo servers. In that particular case, the development servers of Microsoft Windows were breached for a few weeks in January 2017. This breach enabled hackers across Europe to access pre-release versions of Windows. The software giant has confirmed the breach in a statement, however, it has not revealed the exact number of accounts on Outlook.com that have been affected because of it. Microsoft spokesperson said in a statement to technology website The Verge, “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”