Microsoft to Warn Users of Governmental Hacks

Microsoft to Warn Users of Governmental Hacks

Microsoft on Thursday announced that it will alert users of its consumer cloud services—, OneDrive and so on—when it suspects that governments are trying to hack into their accounts.

Microsoft’s policy change was first reported by Reuters, which had confronted the software giant about not telling users when governments hacked their accounts. But Microsoft says that neither it nor the U.S. government were able to determine who was behind the 2009 electronic attack noted below.

“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others,” Microsoft corporate vice president for trustworthy computing Scott Charney explains. “The evidence we collect in any active investigation may be sensitive, so we do not plan on providing detailed or specific information about the attackers or their methods. But when the evidence reasonably suggests the attacker is ‘state sponsored,’ we will say so.”

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

This is a bold new step, even for a company that has been pushing back against governmental intrusions every more publicly over the past year or more. And in taking this step, Microsoft has once again chosen its customers over what it sees as illegal behavior on the parts of the world’s governments.

A Reuters report claims that Microsoft had obtained evidence of a Chinese governmental hack into over one thousand Hotmail accounts, and decided not to tell the victims, most of whom were associated with the leadership of China’s Tibetan and Uighur minorities. Though it has denied this report, Microsoft decided to change its policy about governmental intrusions. But some other technology companies already issue such warnings. For example, Google has done so since 2012.

The China hacking incident dates back to 2009, but Microsoft didn’t uncover the source until 2011, when Trend Micro alerted it to a flaw in the Hotmail web site that allowed hackers to forward emails from specific accounts. Microsoft patched the service before Trend Micro announced the hack.

“We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. government were [initially] able to identify the source of the attacks, which did not come from any single country,” a Microsoft statement about the Chinese hacks notes. “We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks.”

Microsoft did alert the impact users about an intrusion and required them to reset their passwords. But the firm didn’t tell them that the intrusion was carried out by the Chinese government, because it was unable to determine the source, it says.

“Our primary concern was ensuring that our customers quickly took practical steps to secure their accounts, including by forcing a password reset,” Microsoft explains.

As you might expect, China is not happy to be named in Reuters’ report.

“China is a resolute defender of cyber-security and strongly opposes any forms of cyber-attacks,” a statement by the China Foreign Ministry claims.

Microsoft also provided some information about how users can secure their Microsoft accounts. This includes enabling two-step verification, using a strong password that is changed regularly, monitoring for suspicious activity, paying attention when opening emails, and ensuring that your PC is up-to-date with anti-virus and other security software.

UPDATE: This article has been updated to reflect the fact that Microsoft still does not know who was responsible for the 2009 electronic attack against people opposed to the Chinese government’s policies.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Office 365 Coexistence for Mergers & Acquisitions: Don’t Panic! Make it SimpleLive Webinar on Tuesday, November 16, 2021 @ 1 pm ET

In this session, Microsoft MVPs Steve Goodman and Mike Weaver, and tenant migration expert Rich Dean, will cover the four most common steps toward Office 365 coexistence and explain the simplest route to project success.

  • Directory Sync/GAL Sync – How to prepare for access and awareness
  • Calendar Sharing – How to retrieve a user’s shared calendar, or a room’s free time
  • Email Routing – How to guarantee email is routed to the active mailbox before and after migration
  • Domain Sharing – How to accommodate both original and new SMTP domains at every stage

Aimed at IT Admins, Infrastructure Engineers and Project Managers, this session outlines both technical and project management considerations – giving you a great head start when faced with a tenant migration.the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

Sponsored by: