For some users, that Microsoft webmail breach was worse than first thought. Microsoft has confirmed a Motherboard source’s claims that the hackers had access to a portion of the email content, not just email addresses and subject lines. About 6 of the affected users had their messages exposed, according to a spokesperson. It’s not clear if the intruders read the email before Microsoft blocked access, but the company told the The Verge in a statement that the subset received “additional guidance and support.”
The same source also claimed that the hackers had access for “at least six months,” although Microsoft disputed this and maintained that the culprits’ access lasted between January 1st and March 28th. The attack was apparently part of an effort to hijack the accounts of iCloud users, making it possible to disable the Activation Lock that prevents thieves from wiping a stolen iOS device’s data.
It’s still not certain how many people were victims of the breach. Microsoft has only said there were a “limited number” of compromised accounts. However, Microsoft has hundreds of millions of webmail users with Outlook.com, Hotmail and MSN accounts. Even a fraction of a percent could still represent a large number of compromised accounts.