News

Microsoft Will Notify Users Targeted by State-Sponsored Cyberattacks

• By Jeffrey Schwartz
• 01/06/2016

Microsoft last week announced that they will inform customers if their online and cloud accounts have been targeted or compromised by representatives of nation states.

The company revealed its decision to notify Microsoft Account holders of state-sponsored attacks Dec. 30, in wake of several other leading providers doing so including Facebook, Twitter and Yahoo.

The announcement came following a report by Reuters that 1,000 Hotmail accounts were compromised in 2011 by representatives of the Chinese government. The accounts were used by Uighur and Tibetan leaders and diplomats from Japan and Africa, along with human rights lawyers and others, according to two former Microsoft employees who weren't identified by Reuters. Microsoft Spokesman Frank Shaw told the news service it had never confirmed the origin of those attacks. The report revealed that Microsoft hadn't informed the Hotmail users that their messages were collected.  

All Microsoft Accounts including Outlook.com (aka Hotmail) and OneDrive are covered by the new disclosure policy, said Scott Charney, corporate VP of Trustworthy Computing, in a blog post announcing the company's new disclosure policy.

"We're taking this additional step of specifically letting you know if we have evidence that the attacker may be 'state-sponsored' because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others," Charney wrote. "These notifications do not mean that Microsoft's own systems have in any way been compromised. If you receive one of these notifications it doesn't necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it's very important you take additional measures to keep your account secure."

Charney noted that Microsoft doesn't plan to disclose details about the attackers or their methods given the evidence collected could be sensitive. "But when the evidence reasonably suggests the attacker is 'state sponsored,' we will say so," according to Charney.

Charney advised customers can protect themselves by using two-step verification, watching for suspicious activity, refraining from opening suspicious e-mails or visiting questionable Web sites, using strong passwords and keeping software updated and patched.