Microsoft Corporation (MSFT) to Notify Users about Government-Sponsored Hacking

Microsoft Campus
A building on the Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington. (Stephen Brashear/Getty Images)

Microsoft Corporation (NASDAQ:MSFT) decided to start warning the users when it believes their accounts including and OneDrive have been compromised or targeted by government hackers.

The company made the decision after Reuters reported its failure to inform the victims of a hacking campaign by the Chinese government, which started in 2009. China’s hacking activities, which particularly targeted the international leaders of the Tibetan and Uighur minorities was discovered in 2011.

Microsoft’s security experts investigated the cyberattacks and concluded several years ago that Chinese authorities were behind the hacking of the Hotmail accounts of users. The company did not inform the users regarding the incident, according to its two former employees.

The former employees said the hackers targeted the Hotmail accounts of diplomats, human rights lawyers, and others holding sensitive positions inside China.

In a statement, the company explained that it cannot pinpoint nor the U.S. government could identify the sources of the hacking. Microsoft added that the attacks did not come from a single country.

Identifying unauthorized access to users’ Microsoft Account

In a blog post, Scott Charney, vice president, Trustworthy Computing at Microsoft said they are committed to helping users keep their personal information secure and private. According to him, identifying and preventing unauthorized access to their Microsoft Account is a primary part of their work.

“We’re taking an additional step today. We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state,” said Mr. Charney.

According to Mr. Charney, they already informed users, whose accounts appeared to have been compromised or targeted by a third party. They also provided measures for users to keep their accounts secure.

“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be “state-sponsored” because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised,” added Mr. Charney.

Furthermore, Mr. Charney said the evidence collected by Microsoft in any active investigation may be sensitive. The company has no intention of providing detailed or specific information about the hackers and their methods. However, Microsoft would tell if the hacking incident was government-sponsored.

Important steps to secure Microsoft Account

Mr. Charney gave the following advice to help users protect their Microsoft accounts and other online personal information:

  • Turn on the two-step verification, which would make it harder for hackers to access a user’s account because Microsoft asks for an extra security code aside from the password.
  • Use a strong password (a mixture of letters, numbers, and symbols) and it should not be a complete word, and must be different from the password used in other sites. Change the password often.
  • Watch suspicious activity on your account by checking the Recent Activity page on your Microsoft Account.
  • Be careful of suspicious emails and websites. Do not open e-mails or attachments from unfamiliar senders. Be careful when downloading apps or files from the internet, and be sure to know the source.
  • Keep your computer software, including your Web browser, up to date and run an up-to-date anti-virus program

Other technology giants including Facebook Inc (NASDAQ:FB), Twitter Inc (NYSE:TWTR), Yahoo! Inc. (NASDAQ:YHOO), and Alphabet Inc (NASDAQ:GOOGL) (NASDAQ:GOOG)’s Google have a similar policy on the matter. The search engine giant led the practice in 2012, and it is sending notifications to thousands of users every few months.