When the Syrian Electronic Army first gained control over two of Microsoft’s Twitter accounts this week, some suspected they had also gained access to the internal email accounts of the manager in charge of moderating their social media presence, Steve Clayton.
SEA published several pictures which claimed to have been taken from within the compromised account, however Microsoft initially brushed them off, stating that something like that could easily be faked in pursuit of increased publicity.
Today they drastically changed their tune and confirmed that the images were in fact real, proving that the email address of their network had been temporarily lost during SEA’s onslaught.
“A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted. These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue.”
Supposedly only three accounts in total were taken over during the attack, so the potential damage to Microsoft is minimal at best, discounting the embarrassment their security team must feel from being outsmarted in such a public manner.
The lack of control over their own services doesn’t exactly make the software and security giant look good, but on the whole people seem to understand that the success of SEA’s defacement do not necessarily dictate the rest of the company’s security policy for their flagship suite of Windows software.