Microsoft has disclosed that it suffered a data breach in which email services that it operates, Outlook, MSN and Hotmail were compromised.  According to MIcrosoft, the hackers were able to leverage a customer support account to access the email accounts of a “limited” number of customers.  However, Motherboard, a multi-platform publication disputes Microsoft’s characterization of the number of affected customers and, without providing estimates, refers to the number of affected people as “a large number.”  Microsoft has said that the compromised information was limited to customers’ email addresses, email subject lines and frequent contracts although Motherboard reports that the hackers were able to access email content.  Microsoft has said that the unauthorized access to email accounts occurred between January 1, 2019 and March 28th although again, Motherboard disputes this and says that the data breach may have gone on for as long as six months.

If indeed the hackers were able to read the contents of the mails, any personal information such as Social Security numbers that may have appeared in emails could pose a significant threat of identity theft.  even if content was not accessible to the hackers, the email addresses of victims of the data breach and the email addresses of their frequent contacts could be used by the hackers to formulate specifically targeted spear phishing emails to lure unsuspecting people to click on links containing malware.


We are only as secure as the companies that have our information with the weakest security.  It is important for everyone to be aware of the danger of spear phishing and to never click on links in emails regardless of how trustworthy they may appear unless you have absolutely confirmed that the email is legitimate.  Spear phishing continues to be one of the biggest threats to your online security.  If you use Outlook, MSN or Hotmail, you should be particularly skeptical of email you receive and don’t click on links or download attachments unless you have confirmed their legitimacy.  Finally, if you don’t already do so, now would be a good time, regardless of whatever email server you use, to consider encrypting your email.  Outlook and other email providers provide options for encrypting your email, but a simple way to encrypt email is to use an encrypted email service such as Tutanota which is very popular.  Here is a link to their website.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”