Cybercriminals have compromised a "limited" number of Microsoft email accounts, the software giant has told customers.
Microsoft told customers that one of its support agent's credentials were comprised, allowing cybercriminals to access and view information such as email addresses, folder names, subject lines and other email addresses with which users interacted. The company noted that the contents of emails or attachments were not accessed.
The breach took place between 1 January and 28 March. Microsoft said it immediately disabled the compromised credentials when it became aware of the breach, prohibiting further access.
Microsoft didn't specify how many accounts were compromised, other than telling TechCrunch that "a limited number of consumer accounts were impacted, and we have notified all impacted customers."
Though Microsoft said user credentials were not impacted, it nonetheless advised users to reset their email password.
"You should be careful when receiving any e-mails from any misleading domain name, any e-mail that requests personal information or payment, or any unsolicited request from an untrusted source," Microsoft told affected customers via email.