Unauthorized parties penetrated Microsoft Outlook and Hotmail for almost three months, gaining access to email addresses, subject lines and email addresses communicated with by users, Microsoft has alerted account holders.
"We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account," Microsoft writes, according to media reports.
It adds: "Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access."
The unauthorized access took place between January 1 and March 28 of this year.
The potential exposure does not include content and attachments of emails. Nor have login credentials been revealed, although users should change their passwords, Microsoft writes.
However, Microsoft warns customers to "be careful when receiving any emails from any misleading domain name, any email that requests personal information or payment, or any unsolicited request from an untrusted source."
TechCrunch reports that Microsoft confirmed the incident and said a limited number of accounts were affected.
"We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access," a Microsoft spokesperson told TechCrunch.