Microsoft has revealed this week that documents "associated with law enforcement inquiries" were stolen during recent attacks on employee email accounts. The software giant has been the subject of a recent campaign by the Syrian Electronic Army to compromise Microsoft email and social media accounts. While Microsoft previously confirmed the Syrian Electronic Army had been able to breach a "small number" of employee email accounts, a further warning was issued yesterday.
"It appears that documents associated with law enforcement inquiries were stolen."
"While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed," says Microsoft’s Adrienne Hall in a blog post detailing the phishing attacks. "It appears that documents associated with law enforcement inquiries were stolen." Microsoft says it will "take appropriate action" if it finds customer information related to the law enforcement requests has been compromised, but the company will not comment "on the validity of any stolen emails or documents."
Microsoft appears to be preempting any future leaks of employee emails and documents. The Syrian Electronic Army has published internal email conversations so far, but the hacking group has not yet posted any documents publicly. Microsoft’s warning comes just days after the company’s Office blog was compromised and defaced hours after it was updated with a new design. Microsoft’s official news blog and Twitter account were also compromised earlier this month, alongside the official Xbox support Twitter account. The Syrian Electronic Army also managed to gain access to the official Skype blog and Twitter account on January 1st.