Feeds

Microsoft confirms: Staff inboxes hijacked amid 'Syrian army' cyber-blitz

'Small number' of Redmondites had emails compromised

Choosing a cloud hosting partner with confidence

Microsoft has finally admitted that an attack on two of its Twitter accounts and an official blog by a pro-Assad hacking group last weekend also compromised internal emails.

The Syrian Electronic Army posted to its Twitter feed several screenshots of emails purportedly belonging to Microsoft employees including Steve Clayton, the man in charge of the blog and Twitter accounts that were breached.

At the time it wasn’t sure if the SEA, never ones to shy away from publicity, had faked the emails.

However, Microsoft has now come clean, releasing the following statement, which El Reg got its hands on:

A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted. These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue.

Redmond declined to provide details regarding the roles or responsibilities of the staff whose accounts were compromised.

The SEA posted emails from only three Microsoft employees on its Twitter feed so at first sight that’s a reassuringly small number who failed the phishing test – assuming the attack was aimed at a wide range of Redmondians.

However, the news is still likely to raise questions about Microsoft’s internal security posture, and there could be more embarrassment ahead.

An SEA Tweet from Wednesday warned the computing giant to “stay tuned for more”.

With the official Skype Twitter account and blog hacked earlier this month, it’s shaping up to be a torrid start to 2014 for Microsoft.

Perhaps now would be a good time for staff to reacquaint themselves with some security best practices.

It hasn’t all been going the SEA’s way in 2014, of course.

Earlier this week the hacktivists got a taste of their own medicine when a Turkish group breached their hosting provider and defaced their official sea.sy site. ®

Beginner's guide to SSL certificates

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.