Over the past few weeks, Microsoft has been the victim of attacks that have defaced the official blogs, Twitter accounts and Facebook pages of several of its properties. The group known as the Syrian Electronic Army has claimed responsibility for these events, the most recent of which hit the official Microsoft Office blogs earlier this week.
Microsoft admitted last week, "A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted." While the company has yet to state that the SEA is responsible, Microsoft has now offered more information on these attacks that may show the impact may be bigger than first thought.
In a post on the Trustworthy Computing blog, Microsoft stated:
While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen. If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents.
In other words, it appears that the person or persons that were in charge of these attacks has gotten their hands on legal documents that are requesting Microsoft to turn over data. The blog concludes that the company is taking steps to "further strengthen our security" including "ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation."