Last week, we reported that the Syrian Electronic Army, or “SEA” for short, had forced their way into several official Twitter and email accounts of Microsoft employees currently working at the Redmond, WA tech firm.
After posting several tweets from the official podiums of Microsoft about the correspondence the software manufacturer may or may not have participated in with local and federal law enforcement agencies, officials at the company are now confirming that several emails containing sensitive information were in fact compromised in the phishing attack.
The general manager at Microsoft’s Trustworthy Computing Group, Adrienne Hall, recently summarized the breadth of the attack in a blog post on their website.
“While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen.”
In a summary covering the first half of 2013, the Microsoft Law Enforcement Requests Reports suggests that the company received 37,196 requests from various agencies in six months, which has the potential to impact upwards of 66,539 separate accounts in its userbase.
As of yet there have been no announcements on the exact details of what was taken, however some believe that the haul must have been significant if it was enough to prompt an official public response from the company.