In another Microsoft security “erk!” moment, the infamous Syrian Electronic Army (SEA) over the weekend hijacked multiple Microsoft Twitter accounts, The Official Microsoft Blog at blogs.technet.com and an Xbox support account.
An SEA member called “Syrian Eagle” told Mashable in an email that this is just the beginning.
The beginning? Well, technically, it’s more like Act 2, given that a few weeks ago, Microsoft’s Skype brand had its Twitter, Facebook and WordPress accounts hacked by someone claiming to be the SEA.
Syrian Eagle told Mashable that Microsoft deserves what it got because it’s hawking data to US snoops and multiple governments.
The SEA will publish proof of the allegations, Syrian Eagle said:
Microsoft is monitoring emails accounts and selling the data for the American intelligence and other governments.
And we will publish more details and documents that prove it.
Microsoft is not our enemy but what they are doing affected the SEA.
On Saturday, the pro-Assad group took over the @MSFTnews and @XboxSupport Twitter accounts and posted various messages hashtagged “SEA”, according to Mashable.
One read: “Don’t use Microsoft emails (Hotmail, outlook), They are monitoring your accounts and selling the data to the governments.”
The takeovers appear to have been brief: the messages are no longer live, and a Microsoft spokesperson sent this statement to The Register:
Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised.
The attackers also Tweeted a screenshot of what appears to be a takeover of The Official Microsoft Blog at blogs.technet.com:
Microsoft didn’t put out a statement about the alleged attack, but Mashable says its reporters saw it in action and confirmed that it lasted about an hour.
Mashable also posted a screenshot showing multiple “Syrian Army Was Here” messages on the defaced site. Others reported that the blog was either forcing a redirect to the SEA’s site or displaying the defaced blog.
At any rate, the blog is now under the company’s control.
Microsoft responded to the SEA charges about monitoring email by sending this statement to Mashable:
We’re actively investigating issues and are focused on protecting our employees and corporate network. Microsoft is sometimes obligated to comply with legal orders from governments around the world and provides customer data only in response to specific, targeted, legal demands.