Microsoft will now be informing users of any state-sponsored attacks. The news comes after Reuters asked Microsoft officials regarding a hacking campaign in 2011 in which hackers attacked leaders from China’s Tibetan and Uighur minorities.
Reuters asked Microsoft to provide reasons as to why they didn’t tell the victims regarding the hacking campaign. In response to this Microsoft told Reuters they will now be informing all the users targeted by State-sponsored attacks.
But, previously two former employees from Microsoft revealed that Microsoft didn’t inform victims of a possible attack even though company’s experts found Chinese authorities behind the hacking campaign.
Chinese hackers breached Hotmail’s security
Microsoft in the statements said it’s impossible for them or U.S. government to find the suspects or source of the attacks as the attacks were launched from multiple countries.
Microsoft is not the first company to announce these alerts, previously Twitter, Facebook, Google and recently Yahoo all has announced these alerts to its users.
Google is the frontrunner in sending these alerts; the search engine pioneer has been sending alerts to its users since 2012 and updates the victims every few months.
Though, Microsoft has been sending security breach alerts to its users for last 2 years but never identified the suspects. In a statement, Microsoft said:
“As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’.”
But, the problem is security breach alerts don’t alert as much as state-sponsored attack alert like in the Chinese hacking campaign, Microsoft only alerted users by requesting for password change. When Reuters interviewed the victims they said they never found these alerts as state-sponsored attack alert.
That is why security experts and activists have recommended companies like Microsoft to specifically mention the nature of the attack so that victim can take measures accordingly and that even suspects should be mentioned if they are known.