January 21, 2014
Microsoft Office Blog Latest Victim Of SEA Hack Attack
Enid Burns for redOrbit.com - Your Universe Online
The Syrian Electronic Army (SEA) has taken responsibility for hacking the Microsoft Office Blog only hours after the release of a redesign of the blog.
Messages on the blog were changed and taunting tweets from the Syrian Electronic Army were sent out, PCWorld reports. The group posted an article on the blog titled "Hacked by the Syrian Electornic Army," though the article has been removed, it remains visible in Google's cache.
The Syrian Electronic Army also posted screenshots on Twitter of the administration panel, and a tweet reading "changing the CMS will not help you if your employees are hacked and they don't know about that," The Verge reported.
Microsoft confirmed the security breech in an official statement: "A targeted cyberattack temporarily affected the Microsoft Office blog," says a Microsoft spokesperson. "The account was quickly reset and we can confirm that no customer information was compromised.”
More details from a Microsoft representative reveal the most recent attack was infiltrated by means of phishing. "A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted,” a Microsoft representative said Thursday via email. “These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue."
While Microsoft maintains that no customer information was compromised, it has been discovered that a handful of Microsoft employee email accounts were accessed by the Syrian Electronic Army. In addition to posts on the Microsoft Office Blog and tweets taunting the software company, "some details of internal conversations were posted," according to The Verge.
The attack occurred just hours after Microsoft went public with its redesign of the blog. "The screenshots seem to suggest SEA had access to the site before and after the CMS (content management system) switch and support the group’s previous claims that it had access to various Microsoft employee accounts," wrote PCWorld's Lucian Constantin.
The Syrian Electronic Army also attacked the official Xbox support Twitter account during this most recent volley.
This week's attacks follow a string of attacks against Microsoft. The month started with a breach of Skype's social media feeds, followed by attacks on several of Microsoft's Twitter accounts the following week. During the Twitter takeover, the Syrian Electronic Army posted pro-Syria messages and criticized Microsoft.
One of messages the hackers posted on Skype during the takeover said, "Don't use Microsoft emails (hotmail, outlook), They are monitoring your accounts and selling the data to the governments. More details soon #SEA."
The Syrian Electronic Army has surfaced numerous times over the past several months as the hacking force behind several key data breaches. In addition to Microsoft properties, the group has claimed responsibility for breaches to Snapchat and media outlets such as The New York Times, the Washington Post, CNN and Time.