Microsoft has admitted that email accounts for MSN.com and Hotmail, both services owned and managed by Microsoft, have had their accounts compromised sometime between January 1 and March 28, 2019. It appears that attackers were able to identify user’s email addresses, email folder names, email subject lines, and the email addresses of those with whom the account owner corresponded with. Microsoft was quick to point out that log-in credentials like passwords were not compromised.
While much is still unknown about this compromise, we know that if there is a vulnerability that allows an unauthorized user into your cloud services, that person has a much easier time of getting access to sensitive data. With that access, they can erase, steal, or otherwise do damage with. Organizations need context and behavioral analysis of activity in their environment to detect threats and understand anomalies that could signal a breach.
Learn more about how to prevent breaches and compromises in our latest Hack Report: Microsoft’s Hotmail and MSN Accounts Compromised Through User Credentials.