We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.


When you click on a retailer link on our site, we may earn affiliate commission to help fund our not-for-profit mission.Find out more.

15 Apr 2019

Microsoft email hack: what you need to know

Some people who use email addresses managed by Microsoft have had their inboxes hacked

Some people who use email addresses managed by Microsoft have had their accounts breached by hackers.

Email addresses from Outlook, MSN and Hotmail were among those affected by the email hack.

The tech giant says the contents of some emails were exposed by the attack which affected a 'limited' number of people.

The majority of people affected have already been sent an email from Microsoft urging them to reset their password out of caution.

Read more: your rights when you're part of a data breach

What happened in the Microsoft email hack?

According to the email Microsoft sent affected users, a support agent's credentials were compromised which gave hackers access to information within email accounts.

This included email addresses, folder names, subject lines and other email addresses in compromised inboxes.

In the email, Microsoft said the hackers didn't have access to the actual contents of emails.

But a spokesman has now confirmed about 6% of those involved could have also had the contents of their emails accessed and read.

The attack spanned between January and March this year.

In the email to users, Microsoft said it has no idea why hackers looked at the inbox information or how it might have been used.

I was part of the Microsoft email hack: what should I do?

If you were affected by the Microsoft email attack, you should now have been sent an email alerting you to this.

Microsoft said affected users might get phishing or spam emails as a result of being involved in the attack.

It is urging those people to look out for emails:

  • with misleading domain names,
  • that request personal information or payment, and
  • any unsolicited requests from untrusted sources

Microsoft said it regrets any inconvenience caused, is hardening its systems and has increased detection and monitoring for the affected accounts.

What to do if you're part of a data breach

If you've been part of a data breach, it's important you're on high alert for scams asking you for personal details or payment.

This could be anything from emails to texts to phone calls.

If you're contacted by someone asking for personal or payment details, take steps to confirm their identity by asking to confirm who they are and ask them details about your account.

If you're sent an email or message with links, don't click on them. Open your browser and search the information independently online.

Read more: how to spot a scam

If your password wasn't part of the breach, you don't need to change it, but you may wish to for peace of mind.

You can read our advice on how to make strong passwords.

It's also a good idea to enable two-step verification for another layer of security for your account and to update your antivirus software on your account.

You should also keep an eye on your bank accounts and credit report and contact your bank immediately if you see anything suspicious.