Microsoft has confirmed that a hacker – or group of hackers – has broken into a customer support account for the company before gaining access to information related to customers’ email accounts.

Hackers were reportedly able to access email content from a large number of Outlook, MSN, and Hotmail email accounts. The compromise has not affected Office 365.

Victims have been told details accessed could include email folder names, subject lines and contacts. Microsoft has also said content in the body of messages was also vulnerable.

Users who think they may have been affected by this incident should read guidance published about the phishing threat following data breaches.


Social media “likes” ban

The Information Commissioner’s Office (ICO) has proposed new rules that would limit under-18s “liking” posts on their platforms, while Snapchat could be prevented from allowing the age group to build up “streaks”.

The ICO believes the tools encourage users to share more personal data and spend more time on apps than desired.

The proposal is part of a 16-rule code, which also includes:

  • making privacy settings high by default
  • switching location-tracking off by default
  • providing clear explanations about how users’ personal data is used

The ICO suggests if the code is not followed, firms could face fines of up to 20 million euros (£17.2m) or 4% of their worldwide turnover under the General Data Protection Regulation (GDPR).


Instagram users warned of ‘nasty list’ phishing scam

A new phishing scam is targeting Instagram users, which could lead to a hijacker taking control of their accounts. 

It’s thought the scam begins with a direct message from an account users follow, telling them that they’re featured on a “nasty list”. A link within the message will then lead them to one of several profiles highlighting this list (an example found included @the_nasty_list_848). 

Clicking on the links within the profile will take users to an official looking Instagram page where they can ‘log in’, but by entering credentials a hacker can take control of their account and use it to send more ‘nasty list’ messages to their followers. 

Phishing is a technique where untargeted messages or emails are sent to people asking for sensitive information such as bank details (or, in this case, login details) or encouraging them to visit a fake website.