Microsoft has confirmed to The Verge that a "small number" of employee email accounts were accessed during the latest round of attacks by the Syrian Electronic Army. The hacking group posted three internal emails that appear to have been obtained from several Microsoft employee’s Outlook Web Access accounts. The emails mainly discuss the latest compromises of several Microsoft-owned Twitter accounts, but they do show that the Syrian Electronic Army (SEA) gained much greater access beyond just social network accounts.
"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted," says a Microsoft spokesperson. "These accounts were reset and no customer information was compromised." The latest around of attacks affected Microsoft’s official news blog and Twitter account, alongside the official Xbox support Twitter account. On January 1st, the Syrian Electronic Army also obtained access to the official Skype blog and Twitter accounts, and posted an anti-Microsoft tweet that was retweeted more than 8,000 times.
It makes one wonder what type of password policy they use....
New to the Community? Register now and start posting!
Helpful Webroot Links: