Microsoft Twitter accounts, blog hijacked by SEA
Another week, ANOTHER security own goal for Redmond
Microsoft had two Twitter accounts and an official blog compromised over the weekend in another embarrassing security incident for the Redmond giant.
Attackers claiming to belong to pro-Assad group the Syrian Electronic Army (SEA) managed to crack the @MSFTnews and @XboxSupport accounts on Saturday and post various messages hash-tagged “SEA”, according to Mashable.
One read: “Don’t use Microsoft emails (Hotmail, outlook), They are monitoring your accounts and selling the data to the governments.”
The messages are no longer live and a Microsoft spokesperson sent the following statement to The Reg.
Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised.
The attackers were also apparently able to take control of The Official Microsoft Blog at blogs.technet.com and either force a redirect to their own site or display a homepage defaced with SEA slogans.
That blog is now back to normal and there was no Microsoft statement on the incident.
The group also tweeted screen grabs purportedly showing internal Microsoft emails related to the attacks, although as yet there has been no confirmation from Redmond on whether they are legit.
The embarrassing compromises come little more than a week after SEA attackers hit the official Skype Twitter account and blog to post more anti-Microsoft messages.
These also related to allegations from Edward Snowden that Redmond is being rather too compliant with NSA access requests.
Perhaps more damaging from a Microsoft perspective, however, is that such incidents lead credence to the notion its internal security processes still aren't up to scratch. ®
Sponsored: CISO Guide: Secure Cloud and Mobile Data