Microsoft has announced that it will begin notifying users if they have been targeted in state-sponsored hacking attempts.
Scott Charney, Corporate Vice President, Trustworthy Computing at Microsoft, provides some context for the decision on the Redmond company’s blog:
“We’re committed to helping our users keep their personal information secure and private. A key part of our work is identifying and preventing unauthorized access to your Microsoft Account (including Outlook.com email and OneDrive) by anyone other than you,” the post begins. “We’re taking an additional step today. We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state.”
News of this policy decision comes just nine days after it was discovered that Microsoft had not alerted the victims of a hacking campaign that targeted leaders of China’s Tibetan and Uighur minorities back in 2011.
Reuters reports that according to two former Microsoft employees, the tech giant had determined as part of its own internal investigation that China was responsible for the hacks and had decided not to alert those Hotmail (now Outlook.com) users who had been affected.
At least five individual victims, which included human rights lawyers, diplomats, and others, were told to change their passwords but were not alerted to the hacks, writes Bloomberg.
Microsoft has contested this account by stating that neither it nor the U.S. government could pinpoint the attacks to a single country.
Charney goes on to explain in his announcement that receiving a notification from that company does not mean that a user’s account has been compromised but only that it has been targeted. He then recommends that all users implement two-factor authentication (2FA), protect their accounts with a strong password, and refrain from clicking on suspicious links.
Microsoft joins Google, Twitter, and others in the tech industry that have also made the decision to begin notifying customers of state-sponsored hacking attempts.