Some people who use email addresses managed by Microsoft have had their accounts breached by hackers.
Email addresses from Outlook, MSN and Hotmail were among those affected by the email hack.
The tech giant says the contents of some emails were exposed by the attack which affected a ‘limited’ number of people.
The majority of people affected have already been sent an email from Microsoft urging them to reset their password out of caution.
What happened in the Microsoft email hack?
According to the email Microsoft sent affected users, a support agent’s credentials were compromised which gave hackers access to information within email accounts.
This included email addresses, folder names, subject lines and other email addresses in compromised inboxes.
In the email, Microsoft said the hackers didn’t have access to the actual contents of emails.
But a spokesman has now confirmed about 6% of those involved could have also had the contents of their emails accessed and read.
The attack spanned between January and March this year.
In the email to users, Microsoft said it has no idea why hackers looked at the inbox information or how it might have been used.
I was part of the Microsoft email hack: what should I do?
If you were affected by the Microsoft email attack, you should now have been sent an email alerting you to this.
Microsoft said affected users might get phishing or spam emails as a result of being involved in the attack.
It is urging those people to look out for emails:
- with misleading domain names,
- that request personal information or payment, and
- any unsolicited requests from untrusted sources
Microsoft said it regrets any inconvenience caused, is hardening its systems and has increased detection and monitoring for the affected accounts.
What to do if you’re part of a data breach
If you’ve been part of a data breach, it’s important you’re on high alert for scams asking you for personal details or payment.
This could be anything from emails to texts to phone calls.
If you’re contacted by someone asking for personal or payment details, take steps to confirm their identity by asking to confirm who they are and ask them details about your account.
If you’re sent an email or message with links, don’t click on them. Open your browser and search the information independently online.
Read more: how to spot a scam
If your password wasn’t part of the breach, you don’t need to change it, but you may wish to for peace of mind.
You can read our advice on how to make strong passwords.
You should also keep an eye on your bank accounts and credit report and contact your bank immediately if you see anything suspicious.