Microsoft has sent an email out to a number of account holders to warn them that a support agent's login details were compromised and that it's possible limited parts of their email may have been spied on between 1 January and 29 March 2019 as a result.
However, responding to an article in the online Vice website Motherboard, Microsoft confirmed that some users were advised that the content of their emails may have been vulnerable to the hacker.
"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access", a Microsoft spokesperson said.
The case came into notice when the software giant discovered that credentials of a support agent were compromised for its Web mail service which led to unauthorised access into some accounts. The hack did not affect enterprise accounts, it added.
Microsoft sent a warning to Outlook users detailing a hack that lasted from January 1 to March 28.
Even if only a small number of users had their email contents breached, not being totally honest about the situation won't have done Microsoft any PR favors, and could see customers question any future statements from the company.
The hack is apparently the outcome of hackers gaining access to customer support account for Outlook.com, a tool that does give support agents full access to Outlook.com emails.
In that notification, Microsoft said that no login credentials were stolen and that the attackers could not read the contents of emails. Without providing numbers of those affected, it's known that at least some of them were in the European Union, meaning that the data breach will fall under the purview of the EU General Data Protection Regulation.
In response to the breach, Microsoft is warning affected people to watch out for phishing emails, and recommends that people change their password.