A number of former Microsoft employees have revealed that top international leaders living in China were targets of email hacking by the Chinese government in 2011, but that Microsoft failed to warn the victims that their email accounts were being monitored by the government – putting the victims at the mercy of the Chinese government - Reuters wrote.
How To: Buy a Pokemon Go Plus
Top international leaders among whom are leaders of China’s Tibetan and Uighur minorities were targeted in the email hacking – there were over 1,000 victims using Hotmail email accounts. Most of these people continue to use their emails up till today without any knowledge that they are targets of email monitoring by the Chinese authorities – because Microsoft would not tell them of the threats.
Microsoft on Wednesday tacitly agreed it did not do well in this regard, and said it would in the future warn its users of any potential threats from state governments once this is suspect. Microsoft further agreed that it did not warn or called its users to alert them to the fact that their Hotmail email accounts were compromised in any way.
But in May 2011, security firm Trend Micro detected a tiny computer program in an email delivered to an individual in Taiwan. Microsoft was not initially aware of the bug, but the bug forwarded copies of incoming correspondence to a recipient’s email to another email controlled by the hacker.
Investigating the attacks later, Microsoft detected that the email accounts of senior Uighur and Tibetan leaders, Japanese and African diplomats, human rights lawyers, and other top figures residing in China had been intercepted. The email company quickly patched the vulnerability.
"We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. government were able to identify the source of the attacks, which did not come from any single country," Microsoft said.
"We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks," the company added.
That is not all. Microsoft promised that by its new threat notification policy, it will start to inform potential victims of any state-sponsored threats against their email accounts. "As the threat landscape has evolved our approach has too, and we'll now go beyond notification and guidance to specify if we reasonably believe the attacker is `state-sponsored.'"
Although Microsoft forced most of the identified victims to reset their passwords, unfortunately most of them don’t remember when they did this – and others think being asked to reset one’s password is a normal thing all email users are asked to do, and not necessarily because one is being targeted by hackers.