Microsoft Corp announced that it will begin warning its clients, including those using Outlook.com email, whenever it suspects a government is attempting to hack into their accounts.
For two years now, Microsoft has offered alerts on potential security breaches without specifying any suspect.
The policy change came after a hacking campaign was discovered in 2011 that had targeted international leaders of China’s Tibetan and Uighur minorities in particular.
According to two former employees of Microsoft, the company’s own experts had concluded several years ago that Chinese authorities had been behind the campaign but the company did not pass on that information to users of its Hotmail service, which is now called Outlook.com.
In its statement, Microsoft said neither it nor the U.S. government could identify the sources of the hacking attacks and that they didn’t come from a single country.
Furthermore, Microsoft said: “As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’.”
“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others”, Microsoft said in a blog post published late Wednesday.
Microsoft usually tells those who have been subject to hacking or attempted hacking to reset their passwords; however, the user would not be informed of the reason behind the reset. Five victims interviewed by Reuters said they had not taken the password reset as an indication of hacking.
Online free-speech activists and security experts have long called for more direct warnings, saying that they prompt behavioral changes from email users.