Hackers Steal Law Enforcement Documents From Microsoft 53
wiredmikey writes "Microsoft on Friday said that attackers breached the email accounts of a "select number" of employees, and obtained access to documents associated with law enforcement inquiries. According to the company, a number of Microsoft employees were targeted with attacks aiming to compromise both email and social media accounts '..We have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed,' said Adrienne Hall, General Manager at Microsoft's Trustworthy Computing Group. 'It appears that documents associated with law enforcement inquiries were stolen,' Hall said. Targeted attacks like this are not uncommon, especially for an organization like Microsoft. What's interesting about this is that the incident was significant enough to disclose, indicating that a fair number of documents could have been exposed, or that the company fears some documents will make their way to the public if released by the attackers—which may be the case if this was a 'hacktivist' attack."
Annual report says MS unconcerned about security (Score:5, Informative)
It does not appear that Microsoft is "on high alert".
I recently read over the annual reports from major tech companies, looking at the business risks they report. This is an indication of how high level executives see the risks the company faces. Google, for example, has several paragraphs covering the damage to the brand, costly remediation, and potential liability if users' private information were breached, if confidential information about new product research leaked, etc.
Microsoft lists the following risks to their business:
Competition. If large organizations start using Google Docs etc. that would severely hurt Microsoftprofits.
Product flops. Products they are developing could flop the way Surface and Windows 8.
Legal action. MS is still in trouble in Europe for unlawful behavior.
Patent infringement. MS may be infringing on other companies patents.
Nowhere did it mention security as a risk that MS executives have on their radar screen at all. This is in marked contrast to Google and some others. Several "old guard" companies make no mention of how security issues could affect their business, while newer companies seem to be slightly more aware.
Re:Documents Deliberately Released? (Score:2, Informative)
Having worked with several MS security experts in my career, and given their near universal knowledge and somewhat Borg mentality concerning MS security practices, I would venture that you are correct. Except that it was not intentional, someone just REALLY pooched the goose and left the documents on a flash drive that got out while everyone was frantically looking for it.
Oh the stories I have... MS employees and contractors are funny.