Microsoft promises to notify its users if it believes that the government is targeting their account. In its announcement post, the company says it already notifies subscribers if an unauthorized person is trying to access their Outlook email and OneDrive.
On Wednesday, after a series of requests for comment from Reuters, Microsoft said it would change its policy and in future tell its email customers when it suspects there has been a government hacking attack. Microsoft spokesman Frank Shaw said the company was never certain of the origin of the Hotmail attacks.
According to two former employees of Microsoft, the company’s own experts had concluded several years ago that Chinese authorities had been behind the campaign but the company did not pass on that information to users of its Hotmail service, which is now called Outlook.com. In its statement, Microsoft said neither it nor the U.S. government could pinpoint the sources of the hacking attacks and that they didn’t come from a single country.
For two years, Microsoft has offered alerts about potential security breaches without specifying the likely suspect.
In a blog post published late Wednesday, Microsoft said: “We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.”
The Hotmail attacks targeted diplomats, media workers, human rights lawyers, and others in sensitive positions inside China, according to the two former employees of Microsoft.
Microsoft had told the targets to reset their passwords but did not tell them that they had been hacked. Five victims interviewed by Reuters said they had not taken the password reset as an indication of hacking.
Online free-speech activists and security experts have long called for more direct warnings, saying that they prompt behavioral changes from email users.