Microsoft Corporation assured users that it is committed to keeping their personal information secure and private, and vowed to notify them if their accounts (Outlook.com email and OneDrive) have been compromised or targeted by government hackers.
Chinese government hacking details
The hackers targeted the e-mail accounts of the international leaders of China’s Tibetan and Uighur minorities. Microsoft’s failure to notify the victims allowed the Chinese government’s hackers to continue their hacking activities.
Trend Micro, a security firm, first discovered the attacks in May 2011 but did not immediately link them to the Chinese authorities, who took advantage of a previously undetected flaw in Microsoft’s web pages, Hotmail, and other free e-mail services.
Microsoft had patched the vulnerability before the security firm revealed its findings to the public. The software giant launched an investigation that year and found that some attacks started in July 2009, which were linked to a Chinese network called AS4808 responsible for major spying campaigns. The software giant also found that other attacks came from elsewhere.
The e-mail accounts of top Uighur and Tibetan leaders in multiple countries, Japanese and African diplomats, human rights lawyers and others holding important positions inside China were compromised.
Microsoft considered several factors in responding to the incident
“We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. government was able to identify the source of the attacks, which did not come from any single country,” according to Microsoft.
The company added, “We also considered the potential impact of any subsequent investigation and ongoing measures we were taking to prevent potential future attacks.”
Microsoft said a key part of its commitment to keeping users’ personal information secure and private was identifying and preventing unauthorized access to their accounts.
In a blog post, Scott Charney, Corporate Vice President, Trustworthy Computing at Microsoft, said, “We already notify users if we believe their accounts have been targeted or compromised by a third party, and we provide guidance on measures users can take to keep their accounts secure.”
According to him, the company is taking the additional step of specifically informing users if it has evidence that an attack may be “state-sponsored.”
Mr. Charney explained that such attacks could be more sophisticated or more sustained than attacks from cybercriminals and others. He added, “These notifications do not mean that Microsoft’s systems have in any way been compromised.”
Mr. Charney further explained that receiving a notice from Microsoft does not necessarily mean that the account of the user has been compromised. However, it means that the company has evidence that the account has been targeted.
“It’s very important you take additional measures to keep your account secure. You should also make sure your computer and other devices don’t have viruses or malware installed, and that all your software is up to date,” said Mr. Charney.
Important steps to protect Microsoft account
Mr. Charney shared the following important steps to help users protect their Microsoft account and keep their online personal information private.
- Turn on two-step verification to make it more difficult for hackers to access your account even if they guess your password.
- Use a strong password and change it often: Make sure your password contains a mix of letters, numbers, and symbols, isn’t a complete word and is different than the password you use on other sites.
- Watch for suspicious activity on your account. The “Recent Activity” page on your Microsoft Account shows recent sign-ins and changes to your account. It also allows you to inform Microsoft if someone else is making these changes.
- Be careful of suspicious emails and websites: Don’t open emails from unfamiliar senders or email attachments that you don’t recognize. Be careful when downloading apps or files from the Internet, and make sure you know the source.
- Keep your computer software, including your Web browser, up to date and run an up-to-date anti-virus program: For Windows PCs, you should turn on Windows Update to ensure your PC and Microsoft software stay up to date.
- Install reputable anti-virus/anti-malware software. Both Windows 8.1 and Windows 10 have free anti-malware software called Windows Defender.