Skip to Content
Security & privacy

Microsoft hack gave cybercriminals full access to your email content

Have you been recently notified by Microsoft that unauthorized parties may have accessed your email account and that you should reset your password?

Well, if you received this message, you should take Microsoft’s advice and reset your account password immediately.

Why? It looks like, contrary to what was previously reported, hackers didn’t just have the ability to read folder names, subject lines and names of other email addresses, they were also able to read email content. This, obviously, puts the security and privacy of your emails at risk.

How did the Outlook email breach happen?

According to Microsoft, one of its support agent’s credentials were apparently compromised, allowing individuals to gain unauthorized access to Microsoft email accounts. The hackers had access to the affected Outlook, MSN and Hotmail accounts between January 1 and March 28.

To protect email account owners, Microsoft immediately disabled the compromised agent’s credentials and blocked the hacker’s access.

Microsoft did not specify how many people were affected by the incident, but said it was “a limited number of consumer accounts.” The company also said that Enterprise accounts were not affected.

Initially, Microsoft said the breach may have allowed unauthorized parties to “access and/or view information” related to affected email accounts (including folder names, subject lines of emails, and names of other email addresses) but not their contents.

But now, it looks like it’s worse than what was previously revealed. In a follow-up statement, Microsoft admitted that hackers actually had access to email content for around 6% of affected users.

Yep, this means hackers may have accessed private and confidential emails of thousands of Microsoft email accounts. If you have one of the affected accounts, please reset your password immediately.

Microsoft’s response

We reached out to Microsoft for an official statement and its spokesperson had this to say:

We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.

“Our notification to the majority of those impacted noted that bad actors would not have had unauthorized access to the content of emails or attachments. A small group (~6% of the original, already limited subset of consumers) was notified that the bad actors could have had unauthorized access to the content of their email accounts, and was provided with additional guidance and support.

“Out of an abundance of caution, we also increased detection and monitoring for the affected accounts.”

How to protect your email accounts

After breaches like this, changing your email account password is just the first step. Here are more tips on how to secure your account:

  • Change your password – Whenever you hear news of a data breach, it’s a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
  • Check HAVEIBEENPWNED – this site will tell you if your information has been stolen in a previous breach.
  • Beware of phishing scams – Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
  • Manage passwords – Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you’re using the same credentials on multiple sites, change them to make each unique. If you have too many accounts to remember, you could always use a password manager.

In other Microsoft news, Internet Explorer exploit is putting you at risk

If you are still using Internet Explorer, you may want to switch to another browser very soon. Microsoft’s infamous browser is not just known for its susceptibility to hacks but it can also put your entire PC at risk.

Security researcher John Page has disclosed another unpatched security flaw in Internet Explorer that attackers can exploit to spy on Windows users and even steal their local files. The exploit appears to be in Internet Explorer’s handling of MHT web archive files.

And watch out, you don’t even have to actively use Internet Explorer for the hack to work. Having it installed on your PC is enough to initiate an attack. The flaw is not limited to older PCs either since it affects Windows 7, Windows 10 and Windows Server 2012 R2.

So what can you do about it? Well, since this flaw is already publicly known, it can put Internet Explorer users at risk. More importantly, Microsoft is not addressing the vulnerability immediately but is planning on rolling out a patch in a future release.

How to remove Internet Explorer from your PC

For your safety, please uninstall Internet Explorer immediately by following these steps:

1. Go to Settings >> Apps >> Apps & features.

2. Here, under “Related settings,” click on “Program and Features” on the right pane.

3. On the next window, select “Turn Windows features on and off.”

4. Now, uncheck “Internet Explorer 11.” Click “OK” then “Yes” to confirm. 


5. Restart your PC for the changes to take effect.

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook