Last night, Microsoft announced the company will now be notifying users if their Microsoft Accounts gets attacked by an individual or group associated with a government. The company is already notifying users if they suspect any attacks on its users’ accounts. However, from now, the company will specifically tell users if the company has evidence that the attacker may be “sate-sponsored”.
We’re committed to helping our users keep their personal information secure and private. A key part of our work is identifying and preventing unauthorized access to your Microsoft Account (including Outlook.com email and OneDrive) by anyone other than you. We’re taking an additional step today. We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state. We already notify users if we believe their accounts have been targeted or compromised by a third party, and we provide guidance on measures users can take to keep their accounts secure. We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be “state-sponsored” because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
The company has also provided some help for users to allow them to keep their account and online personal information safe:
- Turn on two-step verification: This makes it harder for hackers to access your account even if they guess your password because if they try to sign in on a device Microsoft doesn’t recognize, we’ll ask for an extra security code (which you can get from a special app on your phone, sent to a different email address or via SMS text message).
- Use a strong password and change it often: Make sure your password contains a mix of letters, numbers and symbols, isn’t a complete word and is different than the password you use on other sites. Be sure to change your password often.
- Watch for suspicious activity on your account: The “Recent Activity” page on your Microsoft Account shows recent sign-ins and changes to your account, and allows you to let Microsoft know if you were not the person making these changes.
- Be careful of suspicious emails and websites: Don’t open emails from unfamiliar senders or email attachments that you don’t recognize. Be careful when downloading apps or files from the Internet, and make sure you know the source.
- Keep your computer software, including your Web browser, up to date and run an up-to-date anti-virus program: For Windows PCs, you should turn on Windows Update to ensure your PC and Microsoft software stay up to date. You should install a reputable anti-virus/ anti-malware software. Both Windows 8.1 and Windows 10 already include free anti-malware software called Windows Defender.
This is, indeed, a very impressive move from Microsoft. In case you are wondering: no, none of Microsoft’s services have been compromised. With that being said, what do you think of Microsoft’s latest announcement? Discuss in the comment section below.