It’s a bad month to be one of Microsoft’s social media properties.
For who missed it. #SEA pic.twitter.com/RhQsJ5iB0H
— SyrianElectronicArmy (@Official_SEA16) January 11, 2014
The Syrian Electronic Army managed to take over the company’s @MSFTnews and @Xbox Twitter handles, as well as the Official Microsoft Blog for a short time today. The attack comes a week and a half after the group hit Skype’s social media properties on New Year’s Day. Like last week’s attack, the group of hackers loyal to Syrian President Bashar al-Assad took the opportunity to claim responsibility, as well as repeat their claim that Microsoft is selling user data from its email services to the U.S. Government.
The Official Microsoft Blog: Syrian Electronic Army Was Here #SEA pic.twitter.com/CzYH5jMrY8
— SyrianElectronicArmy (@Official_SEA16) January 12, 2014
At the time of the Skype attack, Microsoft said that there was no sign that any user data was at risk, and the company doesn’t seem to think this attack is any different.
“Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised,” a Microsoft spokesperson said in a statement emailed to GeekWire.
What @MSFTnews staff are doing now. #SEA pic.twitter.com/rPs0gAy5MG
— SyrianElectronicArmy (@Official_SEA16) January 11, 2014
What @Microsoft staff are doing – Part 2 #SEA pic.twitter.com/H7sV91VvJW
— SyrianElectronicArmy (@Official_SEA16) January 12, 2014
Still, this attack brings a new, potentially troubling wrinkle: SEA is publishing what it claims to be internal emails between Microsoft employees discussing the breach. Microsoft hasn’t confirmed the veracity of any of the emails the SEA has published, but if they are accurate, that could point to the hackers having deeper access into the company’s systems than was previously known.
UPDATE (Jan. 12, 11:10 a.m.): Microsoft provided the following statement about the attack on the Official Microsoft Blog to GeekWire via email:
Microsoft is aware of a targeted cyberattack that temporarily affected the Official Microsoft Blog. The account was quickly reset and we can confirm that no customer information was compromised.
Following the targeted cyberattack that temporarily affected the Official Microsoft Blog, as a precaution, all TechNet blogs were taken offline. After a review, we determined that the Official Microsoft Blog was the only blog impacted and we restored all TechNet blogs.
