Emails contain a lot of sensitive information, so it’s one of the last things people want hackers to have access to. Unfortunately, in 2019 between January 1st and March 28th, hackers were able to gain access to email accounts on Microsoft’s Outlook.com, as reported by The Verge.

This breach — which includes @msn.com and @hotmail.com email services — happened due to a customer support agent’s credentials being compromised, TechCrunch reported.

Microsoft’s Information Protect and Governance team told TechCrunch:

Microsoft recently became aware of an issue involving unauthorized access to some customers’ web-based email accounts by cybercriminals. We addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators’ access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts. 

It’s not actually clear how many users were impacted by the breach, but things have gotten worse since the original report. At first, Microsoft emailed users saying that “account-related information (but not the content of any e-mails) could have been viewed,” according to The Verge.

However, a source told Motherboard that the hackers could access email folder names, subject lines of emails, the names of other email addresses, some account information, and the content of emails.

Microsoft confirmed the source’s claim and told Motherboard that only about six percent had their messages exposed. Without knowing how many users were affected, there’s no way to know what six percent looks like.

It’s not a small thing to have users’ accounts accessed by hackers. There are still more questions than answers, especially concerning how many users were affected and where they are located.

Although there’s no reports that people’s passwords were compromised, users are being encouraged to change them, just in case.