The Turkish branch of software giant Microsoft applied to a state data protection watchdog over "unauthorized access" to the emails of 1,820 Turkish citizens.
The company acknowledged that the online ID of a support center executive of the company was illegally obtained and that the culprit or culprits managed to access the email accounts of 1,820 people.
Data breach disclosure is required under Turkish law, and Microsoft made the disclosure to the state-run Personal Data Protection Agency (KVKK). The disclosure says ID information about a support center executive working for a Microsoft service provider was compromised, and this gave a person or persons not affiliated with Microsoft access to Microsoft users. The company said the unidentified executive violated company policy and shared their login information with 13 others working under them.
"The data breach was either the result of one of those people with shared login information being exposed to online fraud or his/her personal action to that extent," the company said, announcing that the login information was immediately deleted after the breach was detected.
"An estimated number of 1,820 people in Turkey were affected by the breach, and it was likely that the breach gave access to the email's address line, names of folders, subject titles between Jan. 1, 2019 and March 28, 2019," the company's statement to the watchdog said. It warned that although those with access to the emails would be unable to see the contents, the contents of emails sent and received by "very few" users might be exposed in the breach, and there was a possibility of phishing attacks targeting those users. The Personal Data Protection Agency has launched an investigation into the incident.