Former employees of Microsoft have today revealed that several years ago, Chinese authorities had hacked into more than a thousand Hotmail accounts targeting international leaders of China’s Tibetan and Uighur minorities. However, Microsoft decided not to warn the victims of the Chinese email hack, allowing the hackers to continue their campaign, Reuters is reporting.
On Wednesday, after a series of requests for comment from Reuters, Microsoft said it would change its policy and in future tell its email customers when it suspects there has been a government hacking attempt. The company also confirmed for the first time that it had not called, emailed or otherwise told the Hotmail users that their electronic correspondence had been collected. The company declined to say what role the exposure of the Hotmail campaign played in its decision to make the policy shift.
While Microsoft officials have not denied that most of the attacks came from China, they do say that some came from elsewhere. “We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. government were able to identify the source of the attacks, which did not come from any single country,” the company said. Microsoft further said that it considered the potential impact on any subsequent investigation, and therefore it took measures to prevent potential future attacks.
As the company announced the new security policy, it said that it will now “go beyond notification and guidance” to specify if it reasonably believes the attacker is ‘state-sponsored’.