Microsoft on Friday stated in an official Trustworthy Computing blog post (spotted by Neowin) that a select number of Microsoft employees' social media and email accounts were subjected to targeted phishing attacks. Just recently, the Syrian Electronic Army (SEA) gained access to and defaced the official Office blog just hours after the blog's redesign, and in recent weeks it also defaced the official Microsoft News Twitter page and TechNet Blogs.
"Recently, a select number of Microsoft employees’ social media and email accounts were subjected to targeted phishing attacks. This type of attack is not uncommon, and many companies grapple with phishing attempts from cybercriminals," Microsoft stated in an official blog post.
Microsoft stated that the investigation of these phishing attacks is still ongoing; however, documents associated with law enforcement inquiries were stolen as a result. Microsoft reiterated that it has further strengthened its security, as well as provided ongoing education to employees about managing social media accounts.
For the first six months of 2013, Microsoft received 37,196 requests from law enforcement agencies affecting 66,539 accounts across Hotmail, Outlook.com, SkyDrive, Xbox LIVE, Microsoft Account, Office 365, and Skype. However, only a small number of those requests resulted in the disclosure of customer data.
Microsoft has made it clear that it will release this type of information to law enforcement only with a valid subpoena to see non-content data and a court order or warrant to see customers' content. Microsoft also tries to make sure that the information requested is within the boundaries of the law.
"While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen. If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents," Microsoft explained.
In addition to defacing the official Microsoft Twitter account, Xbox support Twitter account, Skype blog, and TechNet blog, the SEA has recently been able to access a small number of Microsoft employee email accounts.
So far, it seems that the SEA is looking to embarrass Microsoft, rather than cause any major harm. All we have seen so far is defaced blogs and Twitter accounts. It all started on January 1st, when the official Skype blog was defaced with messages stating that we shouldn't be using Microsoft email services since we are being spied on. Microsoft responded by stating, "You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience."
The SEA continues to promise that more of this is to come.