So, a megacorporation that handles sensitive private data admits that hackers had access to around 6% accounts for almost 3 months. If that doesn't sound shocking enough, numbers are probably even worse than they are willing to admit.
Having your email opened by people with ill intent is never a good thing, especially if that mail is connected to your PayPal or banking accounts. At first, Microsoft reported that hackers could not see the content of the emails you've exchanged. However, later they admitted that hackers had complete access to emails, their content, attachments, folder names, email subject lines, and recipient email addresses.
If you're thinking that it's the fault of the account owners for not choosing more complicated passwords, your assumption would be fairly reasonable but incorrect. The way hackers managed to get hold of so many accounts could not have been done by brute force.
As reported by Microsoft, sometime between January 1 and March 29 this year, a hacker, or a group of them, gained access to the account of a Microsoft support agent and by that, they gained the access to all the above-mentioned data.
Does that warn you? Because it should.
This statement means that Microsoft employees have access to all your data at all times. The information you have on their servers can we internally viewed.
This leaves way too many backdoors and passages a hacker can use to get hold of your data. Once you send an email, it first has to go to Microsoft's servers, that is the first open door for any hacker to read what you're sending because the information is not encrypted.
It doesn’t matter if you compose a 50 letter password if the hackers gain access by abusing all the loopholes your email service provider has left, protection of your security is not in your hands anymore.
That is unless you're willing to ditch your old provider and switch to more reliable and safe alternatives. One of the ways to put the security of YOUR data back into YOUR hands is to use email service providers which are based on high-level end-to-end encryption and zero knowledge servers.
Tutanota and ProtonMail and email service providers which are based purely on your email communication security. Getting used to these alternatives will be much simpler than one would assume. Besides being designed to provide high levels of security they are also designed to be simple to use and appealing.
End-to-end encryption is not magic and it's been around for a really long time now. It means that the data you're sending, receiving, viewing can be seen only by you and the recipient. This way no support agents can see your information – to be precise, not even the owners of those companies can see your emails.
Security is in your hands. The only way to gain access to those files is with the password you chose for yourself. If somehow Tutanota's or ProtonMail's servers get hacked – remember, we are talking about a whole server being hacked, not just one profile with higher authority – the hacker still wouldn't be able to see your emails.
The best part about both these alternatives is that they are still free to use just like previously mentioned Outlook. The only limitation is the memory which can be upgraded by paying for higher capacity.
I could go on in covering this latest incident and the reasons why you should care about the privacy of your emails but one thing we suggest you do right now is to change your Outlook password. Microsoft has been secretive about the whole issue ever since it was uncovered, it wouldn't come as a surprise if there were even more security issues.