Microsoft’s Outlook hack is worse than the company originally warned.
Despite Microsoft’s initial notification to affected Outlook users on Friday, a follow-up statement added that hackers were able to read email content.
The company first released a statement on Friday to Outlook users, notifying people that a hacker had had access to emails for months after stealing login credentials for a Microsoft customer support agent.
The breach, first reported by TechCrunch, allowed potential hackers to access people’s emails and read folder names, subject lines and names of other email addresses. Microsoft said it’s since disabled stolen access to the hacked customer support agent’s account.
The hacker had access to email accounts from Outlook, MSN and Hotmail between Jan. 1 and March 28, Microsoft said. The hack did not affect enterprise accounts, it added.
Microsoft did not respond to multiple requests for additional comment.
The company did not state how many people were affected, but said it was “a limited number of consumer accounts.”
In that notification, Microsoft said that no login credentials were stolen and that the attackers could not read the contents of emails.
Microsoft was forced to revise its statement after Motherboard found that the attackers had full access to email content. The company did say that potential hackers could only read full email content for about 6% of affected Outlook users.
In response to the breach, Microsoft is warning affected people to watch out for phishing emails, and recommends that people change their password. In a blog post from April, Microsoft said that it saw an average of 300,000 phishing attempts in February alone.