Hackers could read non-corporate Outlook.com, Hotmail for six months

Late on Friday, some users of Outlook.com/Hotmail/MSN Mail received an email from Microsoft stating that an unauthorized third party had gained limited access to their accounts, and was able to read, among other things, the subject lines of emails (but not their bodies or attachments, nor their account passwords), between January 1st and March 28th of this year. Both hackers and Microsoft’s breach notifications say that access to customer accounts came through compromise of a support agent’s credentials. With these credentials the hackers could use Microsoft’s internal customer support portal, which offers support agents some level of access to Outlook.com accounts.

Source: arstechnica.com