Tech

Microsoft pledges to inform users of state surveillance, account hacking

The tech giant will now tell you if your account has been targeted or compromised by government authorities.

Written by Charlie Osborne, Contributing Writer Dec. 31, 2015 at 5:01 a.m. PT

Microsoft has pledged to inform users if their online communications are being targeted and monitored by government entities and state actors.

Following the trail blazed by Facebook, Twitter and Google, the Redmond giant says the firm will notify users if any part of their Microsoft account -- including Outlook.com email and OneDrive has been "targeted or compromised by an individual or group working on behalf of a nation state."

Microsoft already tells users when alerts flag up suggesting accounts have been hacked by third parties, but on Wednesday, Microsoft Vice President Scott Charney said the company is willing to take additional steps to protect the personal information of its users.

Security

The company says the attention of "state sponsored" entities is dangerous as it is likely government or state-based hackers will have access to tools and resources beyond your homegrown hacker.

While quick to point out such attention doesn't mean that Microsoft's own security or systems are necessarily compromised when an alert is issued, it does mean that users should take extra precautions if they attract these sorts of characters.

Additional steps to ensure your accounts remain safe can include turning on two-step verification -- such as linking your account to your smartphone -- changing passwords regularly and keeping an eye out for suspicious activity through the "Recent Activity" page on your Microsoft account.

Another way to keep your personal data and accounts safe is a simple one -- be wary of opening suspicious emails and both clicking on links and downloading attachments held within. Known as phishing campaigns, fraudulent emails which deliver malware payloads on to victim machines or direct users to malicious websites are a common tactic used to steal user credentials as well as compromise their systems and overall privacy.

If Microsoft users receive an alert forewarning them of state interest in their account, this doesn't automatically mean their accounts have been hacked. As explained by Charney:

"If you receive one of these notifications it doesn't necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it's very important you take additional measures to keep your account secure.
You should also make sure your computer and other devices don't not have viruses or malware installed, and that all your software is up to date."

While Microsoft will not reveal the threat actors behind state-sponsored attacks or their methods -- as the information may be "sensitive," -- the company will let you know when hacking attempts come from these sources.

The Redmond giant is not the only company to begin warning users of state-sponsored attacks in recent weeks. Earlier this month, Yahoo also joined the cause, pledging to tell account holders when their data is being targeted by state-based threat actors.