12/31/2015
11:05 AM

Microsoft Now Alerting Users To State-Sponsored Attacks

Microsoft is changing its policy after a Reuters report revealed that the company didn't alert users under similar previous circumstances.


Microsoft is joining a host of other tech giants in tweaking its information security policies, announcing it will now notify its users if Redmond believes an account has been targeted or compromised by an individual or group working on behalf of a nation state.

The announcement follows a Dec. 30 Reuters report that cited former Microsoft employees and claimed the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago.

When contacted by Reuters, the company also confirmed that it had not told the users of the hack, which was first discovered by Trend Micro back in May 2011.

"We're committed to helping our users keep their personal information secure and private," Scott Charney, Microsoft's corporate vice president of trustworthy computing, wrote in a blog post. "A key part of our work is identifying and preventing unauthorized access to your Microsoft Account, including Outlook.com email and OneDrive, by anyone other than you."

(Image: Pete_Flyer/iStockphoto)

Microsoft already notifies users if the company believes their accounts have been targeted or compromised by a third party. The company also provides guidance on measures users can take to keep their accounts secure.

Redmond also noted that the evidence it collects in any active investigation may be sensitive, so the company does not plan on providing detailed or specific information about the attackers or methods they use.

However, when the evidence reasonably suggests the attacker is state-sponsored, Charney said Microsoft will say so.

Microsoft is just the latest major tech company to refine its alert process. Earlier this week, Yahoo announced it is planning to notify its customers if the company suspects that their accounts have been hacked by parties working on behalf of governments.

These new Yahoo notifications will provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.

Microsoft also provided a list of steps that it said everyone should take to help keep their online personal information secure. These include turning on two-step verification, which makes it harder for hackers to access an account even if they guess the user's password: anyone who tries to sign in on a device Microsoft doesn't recognize is asked for an extra security code.

Microsoft allows its users to complete the second step from a special app on their smartphones, or to have the code sent to a different email address or through an SMS text message.

The company also recommends making sure the password contains a mix of letters, numbers, and symbols, isn't a complete word, and is different from the password used on other sites, and suggests it's best to change the password often.


To protect against viruses on Windows PCs, Microsoft said users should turn on Windows Update to ensure the PC and Microsoft software stay up to date, and install reputable anti-virus and anti-malware software.

The company noted both Windows 8.1 and Windows 10 already include free anti-malware software called Windows Defender.

The Microsoft Account Security Page provides additional information on the steps users can take to better protect personal data and make any necessary changes.


Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.

Comments
jries921
User Rank: Ninja
1/4/2016 | 1:18:52 PM
Good thing
We'll see how long it lasts.  I'm sure there are several authoritarian governments that are very unhappy about this, but if western providers stick together, there won't be much they can do.
nasimson
User Rank: Ninja
1/4/2016 | 9:37:07 AM
Re: Serious Consequences
@tzubair: Microsoft wants to continue to operate in China. No? :) One can not operate in China and say NO to the Chinese govt.
Li Tan
User Rank: Ninja
1/3/2016 | 4:29:23 PM
Re: Serious Consequences
Exactly - the privacy must be protected properly. Furthermore, the backdoor is not acceptable to give hackers the opportunity to exploit.
batye
User Rank: Ninja
1/1/2016 | 11:26:02 PM
Re: Serious Consequences
@tzubair, sad reality we are entering new stage of State sponsored cyber wars... 
tzubair
User Rank: Ninja
12/31/2015 | 12:27:24 PM
Serious Consequences
 

"the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago"

I think this has to be a very serious issue which did not surface much in the news. If the authorities managed to hack and download all the emails from these accounts these could lead to very serious consequences. Regardless of whether these people were potential criminals, I don't think the country or any authority should get this right.

 