Feeds

Microsoft confirms: Staff inboxes hijacked amid 'Syrian army' cyber-blitz

'Small number' of Redmondites had emails compromised

Top 5 reasons to deploy VMware with Tegile

Microsoft has finally admitted that an attack on two of its Twitter accounts and an official blog by a pro-Assad hacking group last weekend also compromised internal emails.

The Syrian Electronic Army posted to its Twitter feed several screenshots of emails purportedly belonging to Microsoft employees including Steve Clayton, the man in charge of the blog and Twitter accounts that were breached.

At the time it wasn’t sure if the SEA, never ones to shy away from publicity, had faked the emails.

However, Microsoft has now come clean, releasing the following statement, which El Reg got its hands on:

A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted. These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue.

Redmond declined to provide details regarding the roles or responsibilities of the staff whose accounts were compromised.

The SEA posted emails from only three Microsoft employees on its Twitter feed so at first sight that’s a reassuringly small number who failed the phishing test – assuming the attack was aimed at a wide range of Redmondians.

However, the news is still likely to raise questions about Microsoft’s internal security posture, and there could be more embarrassment ahead.

An SEA Tweet from Wednesday warned the computing giant to “stay tuned for more”.

With the official Skype Twitter account and blog hacked earlier this month, it’s shaping up to be a torrid start to 2014 for Microsoft.

Perhaps now would be a good time for staff to reacquaint themselves with some security best practices.

It hasn’t all been going the SEA’s way in 2014, of course.

Earlier this week the hacktivists got a taste of their own medicine when a Turkish group breached their hosting provider and defaced their official sea.sy site. ®

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.