Microsoft admits Syrian Electronic Army email and social media hack

Blue padlocks with one red padlock representing security hole

Microsoft's Xbox Support and News Twitter accounts were apparently hijacked and their internal email accounts compromised on Friday 10 January by someone claiming to be acting on behalf of the Syrian Electronic Army.

We can confirm that no customer information was compromised.

The company's official Microsoft Blog and Instagram accounts were also allegedly affected.

Despite having admitted the Xbox Support and Microsoft News Twitter accounts had been compromised, the organisation initially declined to comment on reports its internal email system had been broken into. However, the company has now admitted the truth of these claims.

In a statement to The Register, a spokesperson said: "A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted. These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue."

While the social media hack hack lasted less than an hour, this is the second time in nine days a Microsoft brand has fallen victim to an attack by the pro-Assad hacking collective.

On 2 January, the group appeared to have gained control of the company's Skype Twitter account, official Skype Facebook page and the Skype blog.

The Syrian Electronic Army subsequently posted a couple of screen grabs as proof of their hack, with both Instagram and Twitter accounts showing an edit' button that is normally only available to administrators.

According to a screen grab taken by The Next Web, the hijackers managed to get a few tweets out, including "Syrian Electronic Army was here" and "From #SEA.. Game on!".

The collective's screengrab from the Official Microsoft Blog appears to show a post dated 11 January 2014 that reads "Hacked by Syrian Electornic Army".

A Microsoft spokesperson told IT Pro: "Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised."

This story was originally published on 13 January, but was updated on 16 January to reflect new information about Microsoft's internal email systems being compromised.

Jane McCallion
Managing Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.