Microsoft Now Alerting Users To State-Sponsored Attacks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

11:05 AM

Microsoft Now Alerting Users To State-Sponsored Attacks

Microsoft is changing its policy after a Reuters report revealed that the company didn't alert users under similar previous circumstances.

Microsoft's 2016: More Windows 10, Hardware Advances, Research Gains
Microsoft's 2016: More Windows 10, Hardware Advances, Research Gains
(Click image for larger view and slideshow.)

Microsoft is joining a host of other tech giants in tweaking its information security policies, announcing it will now notify its users if Redmond believes an account has been targeted or compromised by an individual or group working on behalf of a nation state.

The announcement comes following a Dec. 30 Reuters report that sourced former Microsoft employees and claimed the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago.

When contacted by Reuters, the company also confirmed that it had not told the users of the hack, which was first discovered by Trend Micro back in May 2011.

"We're committed to helping our users keep their personal information secure and private," Scott Charney, Microsoft's corporate vice president of trustworthy computing, wrote in a blog post. "A key part of our work is identifying and preventing unauthorized access to your Microsoft Account, including email and OneDrive, by anyone other than you."

(Image: Pete_Flyer/iStockphoto)

(Image: Pete_Flyer/iStockphoto)

Microsoft already notify users if the company believes their accounts have been targeted or compromised by a third party. The company also provides guidance on measures users can take to keep their accounts secure.

Redmond also noted that the evidence it collects in any active investigation may be sensitive, so the company does not plan on providing detailed or specific information about the attackers or methods they use.

However, when the evidence reasonably suggests the attacker is state sponsored, Charney said Microsoft will say so.

Microsoft is just the latest major tech company to refine its alert process. Earlier this week, Yahoo announced it is planning to notify its customers if the company suspects that their accounts have been hacked by parties working on behalf of governments.

These new Yahoo notifications will provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.

Microsoft also provided a list of steps that it said everyone should take to help keep their online personal information secure, including turning on two-step verification, which makes it harder for hackers to access an account even if they guess the user's password, because if they try to sign in on a device Microsoft doesn't recognize, they will be asked for an extra security code.

Microsoft allows its users to authenticate the second step from a special app on their smartphones, or have it sent to a different email address or through an SMS text message.

The company also recommends making sure the password contains a mix of letters, numbers, and symbols, isn't a complete word and is different than the password used on other sites, and suggests its best to change the password often.

[Read more about Microsoft's efforts to secure companies' data.]

In order to prevent against viruses on Windows PCs, Microsoft said users should turn on Windows Update to ensure PC and Microsoft software stay up to date, as well as installing a reputable anti-virus and anti-malware software platform.

The company noted both Windows 8.1 and Windows 10 already include free anti-malware software called Windows Defender.

In addition, the Microsoft Account Security Page provides additional information regarding the steps users can take to better protect personal data and make any necessary changes.

**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll