SOFTWARE HOUSE Microsoft is facing up to its recent phishing losses and is scurrying around trying to work out what was lost and who was affected.
In recent weeks Microsoft properties including Twitter accounts and blogs have been taken over by hacktivists from the Syrian Electronic Army (SEA). While that group is not mentioned in the blog post from the firm, it definitely appears to have been the cause of it.
"Recently, a select number of Microsoft employees' social media and email accounts were subjected to targeted phishing attacks. This type of attack is not uncommon, and many companies grapple with phishing attempts from cybercriminals," said Microsoft Trustworthy Computing Group GM Adrienne Hall.
"While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed."
We knew this already, well some of it. The SEA posted snippets of emails, and said that it has taken enough information and access to allow it to revisit the firm's social media accounts and websites.
What we did not know, and what Microsoft has revealed is that documents relating to law enforcement activities and possibly customer information were stolen.
"While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen," added Hall.
"If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers - as well as the sensitivity of law enforcement inquiries - we will not comment on the validity of any stolen emails or documents."
Microsoft, which is just one of many victims claimed by the SEA, has promised to shore up its security efforts, processes, guidance and employee training following the attacks. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted