Microsoft has taken the unusual step of admitting that attackers - many suspect the Syrian Electronic Army (SEA) - have successfully breached its security and gained access to access to “law enforcement” documents held by some of its employees.
According to Friday’s blog post, the recent targeted attack on the employees’ social media and email accounts could lead to the pilfered information being made public.
“While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed,” it said.
“If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents.”
This type of attack was not uncommon, Microsoft said, weakly, by way of defence.
The attack has the hallmarks of the Syrian Electronic Army (SEA), which also happens to have claimed the attack as its handiwork. This can’t be confirmed until the SEA releases some evidence of the stolen documents.
The SEA has successfully cut a swathe through the social media and email security of numerous high-profile mostly media organisations, including most recently CNN. The SEA also successfully hacked Microsoft’s blog site and subsidiary Skype earliee this month.
The message should be is clear by now; contemporary email and password security is no barrier to a determined hacker that knows how to craft attacks to find its weaknesses.