Microsoft has announced that it will be informing users if it suspects that a government organisation is attempting to hack into their accounts.
The measure includes Outlook.com and OneDrive accounts, as well as the standard Microsoft Account used to log in to your Xbox or a Windows 10 PC.
The news came in a blog post by Microsoft Vice President for Trustworthy Computing Scott Charney, and also included advice on securing and monitoring your Microsoft account against attacks, whether from criminals or governments. Charney wrote that, in addition to existing security measures and alerts, “we will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state.”
Charney writes that such “state-sponsored” attacks are of particular concern because “it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised.” He makes it clear that receiving a warning of an attack doesn’t necessarily mean that your account has been breached, but that “we have evidence your account has been targeted, and it’s very important you take additional measures to keep your account secure”.
The company won’t provide specific information about the attackers’ identity or methods beyond notifying you that it has evidence that a nation state has taken an interest in your account, but Charney’s blog post makes a number of extra recommendations to keep yourself and your Microsoft account secure online.
Like most other online services, Microsoft supports two-factor verification, which means that no one will be able to connect to your account from a new device without first entering a code sent to you by email or text message. You’re also advised to use strong passwords and monitor your recent account activity for anything that doesn’t match up with your own usage patterns.
Microsoft’s addition of a warning that specifically alerts users to hacking attempts by state-sponsored actors follows the implementation of similar measures by Twitter and Facebook earlier this year.