Microsoft admits hackers have stolen its law enforcement documents

Microsoft has confirmed that it was a victim of a cyber-attack recently, a result of which documents had been stolen. The company announced that documents related to law enforcement inquiries had been acquired by hackers, when certain employee accounts were compromised.

In a blog post on the TechNet website, the company said that a certain number of employee email and social networking accounts were hacked into using a phishing bait. While these kind of attacks aren’t exactly uncommon, it seems that the problem was a tad bigger than Microsoft was expecting.

During its investigation into the phishing attacks, Microsoft realised that unauthorised access to certain employee accounts had led to documents associated with law enforcement inquiries being stolen. The company has assured, though, that if it finds customer information related to those requests had been compromised, it will take appropriate action.

Keeping customer and employee privacy in mind, as well as sensitivity of law enforcement inquiries, Microsoft has said that it will not comment on the validity of any stolen emails or documents.

While Microsoft is maintaining a stoic silence over who could have perpetrated the hacks in its blog posts, the company earlier confirmed to The Verge that the Syrian Electronic Army (SEA) was behind these attacks. The hacker group had also  posted screenshots of supposed internal emails of the company. The mails are supposed to have been obtained from the employee’s Outlook Web Access account.

Despite posting screenshots of internal emails, the SEA has not posted any documents that Microsoft has claimed to have been leaked, or even made any claims that it is in possession of them. The SEA seems to be taking a special interest in hacking Microsoft’s accounts. The hacking group had managed to sneak into the company’s Skype blog and Twitter account on New Year’s Day too. Microsoft also saw its Office blog hacked and defaced a few days ago.

Microsoft is now aiming to take preemptive action to avoid any leaks and hacks in the future. The efforts include employee education and guidance reviews, additional reviews of technologies in place to manage social media properties, and process improvements based on the finding of Microsoft’s internal investigations.