Microsoft has admitted that hackers had access to some of its Outlook, Hotmail and MSN email accounts for at least three months.
The software company would not say how many accounts were compromised in the breach that lasted from 1 January to 28 March.
Hackers stole login credentials for a Microsoft customer support agent and were able to access people’s emails and read subject lines, folder names and other email addresses.
A Microsoft spokesperson said: “We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”
The company said the hackers would not have been able to access the email content of the majority of users affected.
However, it said a small group of less than six per cent of those affected was provided with additional support as their emails could have been accessed.
The company said it had ramped up monitoring of the affected accounts as a precaution.
It said that while passwords had not been stolen, users should update their log-in details.
It also warned of a possible increase of phishing attacks and warned users to be vigilant.
Dave Palmer, director of technology at cybersecurity firm Darktrace, said: “As digital defences ramp up in sophistication, hackers are increasingly opting for social engineering techniques, in this case targeting a member of tech support at Microsoft in order to abuse their privileged access. This time, it looks like some users have had metadata about their email account stolen (e.g. who they contact) and a handful may have had their emails read.
“Whilst enterprise accounts have been spared in this hack, the same underlying risk applies to businesses that use third party cloud email providers. Cloud email services offer a plethora of benefits but are becoming increasingly lucrative targets as they are used to host thousands of companies’ sensitive information.”