Microsoft Now Alerting Users To State-Sponsored Attacks - InformationWeek
11:05 AM

Microsoft Now Alerting Users To State-Sponsored Attacks

Microsoft is changing its policy after a Reuters report revealed that the company didn't alert users under similar previous circumstances.

Microsoft's 2016: More Windows 10, Hardware Advances, Research Gains
Microsoft's 2016: More Windows 10, Hardware Advances, Research Gains
(Click image for larger view and slideshow.)

Microsoft is joining a host of other tech giants in tweaking its information security policies, announcing it will now notify its users if Redmond believes an account has been targeted or compromised by an individual or group working on behalf of a nation state.

The announcement comes following a Dec. 30 Reuters report that sourced former Microsoft employees and claimed the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago.

When contacted by Reuters, the company also confirmed that it had not told the users of the hack, which was first discovered by Trend Micro back in May 2011.

"We're committed to helping our users keep their personal information secure and private," Scott Charney, Microsoft's corporate vice president of trustworthy computing, wrote in a blog post. "A key part of our work is identifying and preventing unauthorized access to your Microsoft Account, including email and OneDrive, by anyone other than you."

(Image: Pete_Flyer/iStockphoto)

(Image: Pete_Flyer/iStockphoto)

Microsoft already notify users if the company believes their accounts have been targeted or compromised by a third party. The company also provides guidance on measures users can take to keep their accounts secure.

Redmond also noted that the evidence it collects in any active investigation may be sensitive, so the company does not plan on providing detailed or specific information about the attackers or methods they use.

However, when the evidence reasonably suggests the attacker is state sponsored, Charney said Microsoft will say so.

Microsoft is just the latest major tech company to refine its alert process. Earlier this week, Yahoo announced it is planning to notify its customers if the company suspects that their accounts have been hacked by parties working on behalf of governments.

These new Yahoo notifications will provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.

Microsoft also provided a list of steps that it said everyone should take to help keep their online personal information secure, including turning on two-step verification, which makes it harder for hackers to access an account even if they guess the user's password, because if they try to sign in on a device Microsoft doesn't recognize, they will be asked for an extra security code.

Microsoft allows its users to authenticate the second step from a special app on their smartphones, or have it sent to a different email address or through an SMS text message.

The company also recommends making sure the password contains a mix of letters, numbers, and symbols, isn't a complete word and is different than the password used on other sites, and suggests its best to change the password often.

[Read more about Microsoft's efforts to secure companies' data.]

In order to prevent against viruses on Windows PCs, Microsoft said users should turn on Windows Update to ensure PC and Microsoft software stay up to date, as well as installing a reputable anti-virus and anti-malware software platform.

The company noted both Windows 8.1 and Windows 10 already include free anti-malware software called Windows Defender.

In addition, the Microsoft Account Security Page provides additional information regarding the steps users can take to better protect personal data and make any necessary changes.

**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
1/4/2016 | 1:18:52 PM
Good thing
We'll see how long it lasts.  I'm sure there are several authoritarian governments that are very unhappy about this, but if western providers stick together, there won't be much they can do.
User Rank: Ninja
1/4/2016 | 9:37:07 AM
Re: Serious Consequences
@tzubair: Microsoft wants to continue to operate in China. No? :) One can not operate in China and say NO to the Chinese govt.
Li Tan
Li Tan,
User Rank: Ninja
1/3/2016 | 4:29:23 PM
Re: Serious Consequences
Exactly - the privacy must be protected properly. Furthermore, the backdoor is not acceptable to give hackers the opportunity to exploit.
User Rank: Ninja
1/1/2016 | 11:26:02 PM
Re: Serious Consequences
@tzubair, sad reality we are entering new stage of State sponsored cyber wars... 
User Rank: Ninja
12/31/2015 | 12:27:24 PM
Serious Consequences

"the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago"

I think this has to be a very serious issue which did not surface much in the news. If the authorites managed to hack and download all the emails from these accounts these could lead to very serious consequences. Regardless of whether these people were potential criminals, I don't think the country or any authority should get this right.

2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Register for InformationWeek Newsletters
White Papers
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll