Chinese authorities reportedly hacked into more than a thousand Hotmail email accounts several years ago, but Microsoft decided against informing the victims, former employees of the company said.
The hackers targeted international leaders of China’s Tibetan and Uighur minorities. After Microsoft conducted an investigation it discovered interception had begun in July 2009 and had compromised the emails of Chinese leaders in multiple countries. Former Microsoft employees said diplomats from Japan and Africa, human rights lawyers and others in key roles inside China were also compromised.
Microsoft says it will now change its policy and inform email customers when it suspects there has been a government hacking attempt.
The first public signal of the attacks came in May 2011. Former Microsoft employees say the company allowed the hackers to continue their campaign and did not tell Hotmail users their email had been compromised. Instead, it forced users to pick new passwords and quietly patched the vulnerability. Trend Micro eventually found more than a thousand victims.
In announcing its new policy of disclosing such attacks, Microsoft said: "As the threat landscape has evolved our approach has too, and we'll now go beyond notification and guidance to specify if we reasonably believe the attacker is `state-sponsored.’”
Google began issuing warnings about state-sponsored hacking in 2012. Yahoo and Facebook have also been issuing these types of warnings for several years.