The target: Microsoft’s personal e-mail service, Outlook.com.
The take: E-mail accounts under the Outlook.com, Hotmail.com, and MSN.com domains were compromised – while Microsoft has offered that ‘only 6%’ of accounts were compromised, they would not confirm the number of accounts that percentage represents. While they initially denied that the attackers had access to customers’ inboxes beyond contacts, folder names, and subject lines, it was later confirmed that email contents could have been viewed.
The attack vector: Attackers were able access Microsoft’s infrastructure by compromising the credentials of a customer support representative.