Microsoft said an attacker gained access to one of its customer service representatives and then used information from it to launch hacking attempts against customers.
Microsoft found the vulnerability during its response to hacks by a team that identified it as responsible for previous hacks at SolarWinds and Microsoft.
Reportedly, the attacker belonged to the Nobelium group and had broken through the system in the second half of May.
Microsoft said it had warned affected customers.
In addition, Microsoft also found the breach of its own agent, who was able to view billing contact data and which services customers were paying for, among other things.
Microsoft warned affected customers to be vigilant when communicating with their billing contacts, change usernames and email addresses, and prohibit old usernames from logging in.
Microsoft said that it knew of three companies that had been compromised as part of the phishing campaign.
A White House official said the recent hacking and phishing campaign was far less serious than the SolarWinds fiasco.
For more information, read the original story in Reuters.