Over the past few weeks, Microsoft’s web properties have been compromised by the Syrian Electronic Army. While Microsoft was able to quickly regain control of these online assets, Microsoft’s Office blog has been compromised by SEA.
You can clearly see in the screenshot above that SEA has made several posts to show that they have obtained access to the blog. While this is likely not a hack, as many will call it, SEA did promise a few days back that the shenanigans were not over and that they would continue their attack on Microsoft.
Naturally, these types of events are an embarrassment to Microsoft but we would hedge that SEA was able to obtain the passwords using phishing attacks that Microsoft previously confirmed. Obviously, no company wants to have its web properties compromised and we expect these posts to be taken down quickly.
But the bigger question remains is; if the SEA group has access to more properties? While we now know that they could access the Office blog, they may have been able to obtain more passwords to other properties. While we suspect Microsoft likely scrubbed the machines that were involved with the phishing attack, the worst-case scenario would be that SEA still has access to some email accounts.
These types of attacks typically are harmless to Microsoft, aside from the embarrassment, and are typically non-destructive in terms of deleting mass quantities of data. But, an intrusion is an intrusion and you would have thought Microsoft would have ordered all web property passwords to be changed after the first compromise, but here we are with the Office blog having been infiltrated long after the other properties were restored.
We will be watching closely to see if this is the end of the SEAs debauchery or if they have any more tricks up their electronic sleeves.