Microsoft will Now Tell you if Your Account is Targeted by State-Sponsored Hackers
In a blog post this week, Scott Charney, Microsoft's VP of trustworthy computing, announced that the company will now alert users if their account is targeted or compromised by an attacker acting on behalf of a nation state.
The company already notifies users if it believes their accounts have been targeted or compromised by a third party. "We're taking this additional step of specifically letting you know if we have evidence that the attacker may be 'state-sponsored' because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others," wrote Charney.
Charney went on to write if someone receives one of these notifications it doesn't mean his or account has been compromised, but it does mean that Microsoft has evidence that the account has been targeted. Users should take additional steps to keep their account secure.
Microsoft won't provide detailed or specific information about the attackers or their methods, but will say if the attacker is state sponsored if the evidence reasonably suggests so.
The company joins a line of tech companies vowing to inform users if their accounts are targeted by state-sponsored hackers. Recently Twitter sent a warning to some users who may have been targeted and in October Facebook announced it would be issuing these types of alerts as well. Google has been using these warnings since 2012.
Microsoft's announcement comes at a time when lawmakers and tech companies continue to battle over security back doors that would allow government agencies and law enforcement officials investigate potential terrorist attacks.
Tech companies are opposed to back doors because it presents an opening for any hacker, not just law enforcement. "But the reality is if you put a backdoor in, that backdoor's for everybody, for good guys and bad guys," Apple CEO Tim Cook said earlier this month in a 60 Minutes interview.
To keep your account secure Charney offers a few suggestions which can be applied to any software or device.
Turn on two-step verification: After entering your password, a code is sent to you through another device, like an app on your phone or to a different email address. The code is needed before you can log in.
Pick strong passwords and change them often: There's some controversy about the true security of passwords, but for the time being, make them difficult using a mix of numbers, letters, and symbols, and change them often.
Check your account for suspicious activity: Check your recent activity page to see where your account has been accessed.
Don't open suspicious emails or websites: this is self-explanatory.
Make sure all of your software has the latest updates: Updates often include security patches and ensure your software is secure. Make sure your virus protection software is also up-to-date.