Microsoft Now Alerting Users To State-Sponsored Attacks

Microsoft is changing its policy after a Reuters report revealed that the company didn't alert users under similar previous circumstances.

Microsoft is joining a host of other tech giants in tweaking its information security policies, announcing it will now notify its users if Redmond believes an account has been targeted or compromised by an individual or group working on behalf of a nation state.

The announcement comes following a Dec. 30 Reuters report that sourced former Microsoft employees and claimed the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago.

When contacted by Reuters, the company also confirmed that it had not told the users of the hack, which was first discovered by Trend Micro back in May 2011.

"We're committed to helping our users keep their personal information secure and private," Scott Charney, Microsoft's corporate vice president of trustworthy computing, wrote in a blog post. "A key part of our work is identifying and preventing unauthorized access to your Microsoft Account, including email and OneDrive, by anyone other than you."

Microsoft already notifies users if the company believes their accounts have been targeted or compromised by a third party. The company also provides guidance on measures users can take to keep their accounts secure.

Redmond also noted that the evidence it collects in any active investigation may be sensitive, so the company does not plan on providing detailed or specific information about the attackers or methods they use.

However, when the evidence reasonably suggests the attacker is state sponsored, Charney said Microsoft will say so.

Microsoft is just the latest major tech company to refine its alert process. Earlier this week, Yahoo announced it is planning to notify its customers if the company suspects that their accounts have been hacked by parties working on behalf of governments.

These new Yahoo notifications will provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.

Microsoft also provided a list of steps that it said everyone should take to help keep their online personal information secure. These include turning on two-step verification, which makes it harder for hackers to access an account even if they guess the user's password: anyone who tries to sign in on a device Microsoft doesn't recognize will be asked for an extra security code.

Microsoft allows its users to authenticate the second step from a special app on their smartphones, or have it sent to a different email address or through an SMS text message.

The company also recommends making sure the password contains a mix of letters, numbers, and symbols, isn't a complete word, and is different from the password used on other sites, and suggests it's best to change the password often.

To protect against viruses on Windows PCs, Microsoft said users should turn on Windows Update to ensure the PC and Microsoft software stay up to date, and install a reputable anti-virus and anti-malware software platform.

The company noted both Windows 8.1 and Windows 10 already include free anti-malware software called Windows Defender.

In addition, the Microsoft Account Security Page provides further information on the steps users can take to better protect personal data and make any necessary changes.
