Microsoft will tell users of its email services when it believes them to have been the victim of a hack by national governments.
The tech giant, which owns and operates the Outlook.com (formerly Hotmail) service, has revealed it’s to disclose suspected hacks to users, even if the guilty party is the government. It comes after pressure was put on Microsoft to do so when the Chinese authorities were found to have spied on accounts belonging to minorities within the country.
Previous state-sponsored hacking played down
Two former Microsoft employees revealed that the Chinese authorities had at least attempted a hack on the Hotmail accounts of Tibetan and Uighur minorities back in 2011. Despite knowing this, Microsoft declined to tell the individuals involved that the attack was potentially state-sponsored, instead simply telling them to change their passwords. Reuters pressed Microsoft into disclosing why it had kept the spying a secret, eventually getting the answer that neither it nor the US government were able to exactly pinpoint the source, as these attacks came from multiple countries.
Despite acknowledging that such hacks weren’t disclosed in the past, Microsoft pledged to let account holders know in future if any attacks are made, even if they’re suspected to have come from the government. It follows on from similar announcements by Facebook, Twitter and Yahoo to do the same.
Google has lead the way on this front, having told its account holders of any suspected attacks since 2012.
A Microsoft spokesperson told reuters.com: “As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’.”
Additionally, a blog posted by Microsoft went on: “We’re taking this additional step of letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.”