Microsoft said Monday that an incident reported over the weekend about an unknown attacker using a customer support agent’s credentials to access email content belonging to users of MSN, Outlook, and Hotmail accounts, affected only a limited number of users. Microsoft said the attackers had not accessed or viewed the actual content of the emails or attachments. Microsoft immediately disabled the stolen credentials preventing further misuse the company said. In later comments, Microsoft admitted that the intruders had actually accessed and viewed email content in some cases. The relatively scant details from Microsoft about the intrusion is prompting questions about how attackers might have obtained the credentials, why the breach remained undetected for close to three months.”]
Source: https://www.darkreading.com/attacks-breaches/microsoft-downplays-scope-of-email-attack