Microsoft Got Hacked and Did not Say Anyone

Microsoft knows that Chinese spies attack Hotmail users and do not tell anyone they are attacked, even though they know for years.

 Today, Reuters confirmed that Microsoft has agreed to change its hermetic policy on state sponsored hacks: Microsoft Corp experts have concluded a few years ago that Chinese authorities have attacked more than a thousand Hotmail e-mail accounts, specifically targeting international leaders of Tibetan and ethnic minorities. 

Uighur in China - but they decided not to tell the victims, allowing hackers to continue the campaign, according to former employees of the company. 

 On Wednesday, after a series of requests from Reuters commentators, Microsoft said it would change its policy and would in the future tell its email clients when it suspected a government hacker attempt. 

 Instead of telling people what happened, Microsoft made them change their password without explaining that, well, you know, they are the target of spying on the Internet: After a strong internal debate in 2011 was reached with Microsoft's top security official, Scott Charney, and his later adviser and now president Brad Smith, the company decided Do not warn the user clearly that anything is incorrect. 

Instead, it simply forces the user to choose a new password without revealing the reason. Facebook and Yahoo have updated their policies recently to tell users when they are targeted by state sponsored attacks like this and Google has had this policy since 2012. 

What a pity As Microsoft does not have to worry about changing its policy until it appears this way. Update 1:07: Microsoft countered Reuters news story, and suggested Gizmodo commented: Our focus is on helping customers keep their personal and private information secure. 

Our primary concern is to ensure that our customers quickly take practical steps to protect their account, including enforcing a password reset.

 We consider a number of factors to address this issue, including whether Microsoft or the United States Government does not identify the source of the attacks, and not from any country. 

We have also looked at the potential impact of any follow-up investigations and on-going measures that we are taking to prevent potential future attacks.