Skip to main content

Microsoft social media platforms hacked by SEA

The Syrian Electronic Army has claimed responsibility for hijacking two Microsoft Twitter accounts and an official blog, a week after Skype's social media accounts were compromised.

The @MSFTnews and @XboxSupport Twitter accounts were used by the hackers to post anti-surveillance messages against Microsoft with the hashtag "SEA".

According to screenshots taken from the SEA's Twitter account, one tweet from @MSFTnews read: "Don't use Microsoft emails (hotmail, outlook), they are monitoring your accounts and selling the data to the governments."

It was a carbon copy of one of the messages posted on a Skype blog just over a week ago, also claimed to be hacked by the SEA.

All messages have since been removed and according to Microsoft the accounts are no longer compromised.

"Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts," a Microsoft spokesperson told the Register. "The accounts were quickly reset and we can confirm that no customer information was compromised."

The SEA has gained a reputation for security breaches of high level targets, including the Guardian and the New York Times.

The method of hacking is believed to be similar for all of the attacks. Rick Ferguson, vice president of security research at Trend Micro, previously stated it was most likely that employees were sent emails containing malware that then divulged usernames and passwords.

"Key individuals in the target enterprise would have received well-crafted and convincing emails, either with a malicious file attached, or containing a credible-looking link," Ferguson said. "Once compromised through either infection or phishing, then the account usernames and passwords would be available to the attacker, allowing further malicious activity."