MICROSOFT knew that Chinese authorities had hacked into more than a thousand Hotmail email accounts – but didn’t tell any of the victims, it has been reported.
 
Was YOUR Hotmail attacked? Microsoft WAS hacked but didn't tell any of the victims
Thousands of hotmail email accounts were hacked in a reported state-sponsored attack
 
Microsoft experts concluded several years ago that Chinese authorities had successfully hacked into more than a thousand Hotmail email accounts.
But the Redmond technology firm decided not to tell any of the victims, allowing the hackers to continue their campaign, according to former employees of the company.
Cyber hackers targeted international leaders of China's Tibetan and Uighur minorities, news agency Reuters has reported.
After a series of requests for comment, Microsoft said it would change its policy and in future tell its email customers when it suspects there has been a government hacking attempt.
 
Was YOUR Hotmail attacked? Microsoft WAS hacked but didn't tell any of the victims
Microsoft's hugely popular hotmail email service did not inform victims of the hack
 
Microsoft spokesman Frank Shaw said the company was never certain of the origin of the Hotmail attacks.
But after a vigorous internal debate in 2011 that reached Microsoft’s top security official, Scott Charney, and its then-general counsel and now president, Brad Smith, the company decided not to alert the users clearly that anything was amiss, the former employees said. Instead, it simply forced users to pick new passwords without disclosing the reason.
The company declined to say what role the exposure of the Hotmail campaign played in its decision to make the policy shift.
 
The first public signal of the attacks came in May 2011, though no direct link was immediately made with the Chinese authorities.
That's when security firm Trend Micro Inc announced it had found an email sent to someone in Taiwan that contained a miniature computer program. The program took advantage of a previously undetected flaw in Microsoft's own web pages to direct Hotmail and other free Microsoft email services to secretly forward copies of all of a recipient's incoming mail to an account controlled by the attacker.
Microsoft officials did not dispute that most of the attacks came from China, but said some came from elsewhere. They did not give further detail.
 
Was YOUR Hotmail attacked? Microsoft WAS hacked but didn't tell any of the victims
The first public signal of the attacks came back in May 2011
 
"We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. government were able to identify the source of the attacks, which did not come from any single country," the company said. "We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks."
In announcing the new policy, Microsoft said: "As the threat landscape has evolved our approach has too, and we'll now go beyond notification and guidance to specify if we reasonably believe the attacker is 'state-sponsored'."

Post a Comment Blogger Disqus

 
Top