Ever since Google started notifying its users when they were targeted by government-sponsored cyber attacks back in 2012, many companies in the technology industry have followed suit, especially after the Snowden leaks popped up the following year. Microsoft has become the latest such company to adopt this practice, possibly in response to the recent revelation that the company discovered a series of cyber attacks back in 2011 that it knew were the work of the Chinese government, but chose not to alert the victims of the attacks. Although the company has been alerting users to potential security breaches for a couple of years, it’s never provided the identity of the attacker, until now.
Microsoft Corp said on Wednesday it will begin warning users of its Outlook.com email service when the company suspects that a government has been trying to hack into their accounts. Microsoft told Reuters about the plan in a statement. It comes nine days after the news agency asked the company why it had decided not to tell victims of a hacking campaign, discovered in 2011, that had targeted international leaders of China’s Tibetan and Uighur minorities in particular. According to two former employees of Microsoft, the company’s own experts had concluded several years ago that Chinese authorities had been behind the campaign but the company did not pass on that information to users of its Hotmail service, now called Outlook.com. In its statement, Microsoft said neither it nor the US government could pinpoint the sources of the hacking attacks and that they didn’t come from a single country. Google Inc pioneered the practice in 2012 and said it now alerts tens of thousands of users every few months. For two years, Microsoft has offered alerts about potential security breaches without specifying the likely suspect. In the statement, Microsoft said: “As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’.” Microsoft declined to say what role, if any, the Hotmail hacking campaign played in its policy change.