Microsoft failed to inform Hotmail users about hacks

In 2011, Microsoft failed to warn Tibetan and Uyghur Hotmail users, among others, about attacks by Chinese hackers, former employees told Reuters news agency. Microsoft has now decided to inform users about hacking attempts by governments.

In 2011, Trend Micro identified a vulnerability in Hotmail that allowed attackers to forward copies of emails to their own address. As a result, Microsoft launched its own investigation and found that email interception had been going on since July 2009 and that messages from Tibetan and Uyghur leaders in various countries were the main target. Diplomats and human rights lawyers in China also turned out not to be safe. Two former Microsoft employees now tell Reuters that while it was clear that a large part of the attacks came from China, the company decided not to warn the victims.

Microsoft did send an email to affected users urging them to change their passwords, but did not give a reason. The company itself states that this way action could be taken quickly and that it was not clear at the time where the attacks came from. However, other sources, who were aware of the discussion, report that Microsoft did not want to anger the Chinese government.

Microsoft has now announced that it will warn users in the future if there are signs of hacking by governments. The company thus follows the line of many other major players, including Google, Twitter and Facebook. It is therefore not the first time that a company has blamed Chinese hackers; Google did this in 2011.