Jump to content
Login new information ×
Login new information

Microsoft confirms Syrian Electronic Army hacked into employee email accounts

Reefa

By Reefa
in Security & Privacy News

 Share

Recommended Posts

Reefa

Reefa

Posted
Posted

Microsoft has confirmed to The Verge that a "small number" of employee email accounts were accessed during the latest round of attacks by the Syrian Electronic Army. The hacking group posted three internal emails that appear to have been obtained from several Microsoft employee’s Outlook Web Access accounts. The emails mainly discuss the latest compromises of several Microsoft-owned Twitter accounts, but they do show that the Syrian Electronic Army (SEA) gained much greater access beyond just social network accounts.

microsoftlogostock1_640_large_verge_medi
"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted," says a Microsoft spokesperson. "These accounts were reset and no customer information was compromised." The latest around of attacks affected Microsoft’s official news blog and Twitter account, alongside the official Xbox Twitter and Instagram accounts. On January 1st, the Syrian Electronic Army also obtained access to the official Skype blog and Twitter accounts, and posted an anti-Microsoft tweet that was retweeted more than 8,000 times.
BdvjgFLCUAAZVRf.png


What @Microsoft staff are doing - Part 2 #SEA

1:40 AM - 12 Jan 2014

It’s clear the attacks were part of a complex phishing attack, but the Syrian Electronic Army have been relentless in their targeting of Microsoft. "It seems bit.ly is the backdoor that has been found," says one Microsoft employee in internal emails posted by the SEA. The embarrassing series of compromises could also be related to weak password security alongside phishing. "A Microsoft employee wanted to make his password more stronger, so he changed it from ‘Microsoft2’ to ‘Microsoft3’ #happened," says a SEA spokesperson in a recent tweet.

It’s not immediately clear how many email accounts were targeted during the recent attacks, or how much data the Syrian Electronic Army were able to obtain before the accounts were reset. A Syrian Electronic Army representative says that the latest attacks were designed to be a distraction, indicating there could be further compromises in future. "We are making some distraction for Microsoft employees so we can success in our main mission," the SEA told The Verge by email.

BduZlHMCYAA-Yuk.png

SyrianElectronicArmy

@Official_SEA16


What @MSFTnews staff are doing now. #SEA

8:17 PM - 11 Jan 2014

Source

Link to comment
Share on other sites
  • Replies 1
  • Views 726
  • Created
  • Last Reply

Top Posters In This Topic

  • Reefa

    1

  • Turk

    1

Popular Days

Top Posters In This Topic

Popular Days

 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...