Microsoft tried to calm users' concerns by saying that only "your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with" had been accessed.
Hackers were in fact able to access email content from "a large number" of Outlook, MSN, and Hotmail email accounts, Motherboard reported Sunday.
Microsoft's Outlook.com service has been the subject of a pretty serious hack in recent weeks.
According to an e-mail sent to the majority of affected users and then posted online, the firm said a Microsoft support agent's credentials were compromised, potentially allowing unauthorised access to some account information.
However, responding to an article in the online Vice website Motherboard, Microsoft confirmed that some users were advised that the content of their emails may have been vulnerable to the hacker.
Microsoft's Outlook hack is worse than the company originally warned. Paid-for, enterprise accounts were unaffected-only consumer accounts were hit. "We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access", a Microsoft spokesman said of the incident.
Even though the software giant ensures that no login details or other personal information were stolen by the hackers, the company is recommending that affected users reset their passwords. The company did say that potential hackers could only read full email content for about 6% of affected Outlook users.
Now Motherboard report that the attack was actually much worse than Microsoft admitted, with a source able to offer them evidence such as screenshots which pre-dates Microsoft's confirmation. "Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence". Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.