| SAN FRANCISCO
SAN FRANCISCO Microsoft Corp said on
Wednesday it will begin warning users of its Outlook.com email
service when the company suspects that a government has been
trying to hack into their accounts.
Microsoft told Reuters about the plan in a statement. It
comes nine days after Reuters asked the company why it had
decided not tell victims of a hacking campaign, discovered in
2011, that had targeted international leaders of China's Tibetan
and Uighur minorities in particular.
According to two former employees of Microsoft, the
company's own experts had concluded several years ago that
Chinese authorities had been behind the campaign but the company
did not pass on that information to users of its Hotmail
service, which is now called Outlook.com.
In its statement, Microsoft said neither it nor the U.S.
government could pinpoint the sources of the hacking attacks and
that they didn't come from a single country.
The policy change at the world's largest software company
follows similar moves since October by Internet giants Facebook
Inc, Twitter Inc and most recently Yahoo Inc
Google Inc pioneered the practice in 2012 and said
it now alerts tens of thousands of users every few months.
For two years, Microsoft has offered alerts about potential
security breaches without specifying the likely suspect.
In the statement, Microsoft said: "As the threat landscape
has evolved our approach has too, and we'll now go beyond
notification and guidance to specify if we reasonably believe
the attacker is 'state-sponsored'."
Microsoft declined to say what role, if any, the Hotmail
hacking campaign played in its policy change.
The Hotmail attacks had also targeted diplomats, media
workers, human rights lawyers, and others in sensitive positions
inside China, according to the former employees.
Microsoft had told the targets to reset their passwords but
did not tell them that they had been hacked. Five victims
interviewed by Reuters said they had not taken the password
request as an indication of hacking.
Online free-speech activists and security experts have long
called for more direct warnings, saying that they prompt
behavioral changes from email users.