Former Employees Claim Microsoft Failed to Warn Victims of Chinese Email Hack

Joseph Menn, reporting last week for Reuters:

Microsoft Corp experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular — but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company. […]

After a vigorous internal debate in 2011 that reached Microsoft’s top security official, Scott Charney, and its then-general counsel and now president, Brad Smith, the company decided not to alert the users clearly that anything was amiss, the former employees said. Instead, it simply forced users to pick new passwords without disclosing the reason.

The employees said it was likely the hackers by then had footholds in some of the victims’ machines and therefore saw those new passwords being entered.

One of the reasons Microsoft executives gave internally in 2011 for not issuing explicit warnings was their fear of angering the Chinese government, two people familiar with the discussions said.

Tuesday, 5 January 2016