Location:
State:
Carrier
Country
Status

Microsoft: Additional steps to help keep personal information secure


We’re committed to helping our users keep their personal information secure and private. A key part of our work is identifying and preventing unauthorized access to your Microsoft Account (including Outlook.com email and OneDrive) by anyone other than you.

We’re taking an additional step today. We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state.

We already notify users if we believe their accounts have been targeted or compromised by a third party, and we provide guidance on measures users can take to keep their accounts secure. We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be “state-sponsored” because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised.

If you receive one of these notifications it doesn’t necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it’s very important you take additional measures to keep your account secure. You should also make sure your computer and other devices don’t not have viruses or malware installed, and that all your software is up to date.

The evidence we collect in any active investigation may be sensitive, so we do not plan on providing detailed or specific information about the attackers or their methods. But when the evidence reasonably suggests the attacker is “state sponsored,” we will say so.

There are some important steps that everyone should take to help keep their Microsoft Account and their online personal information secure including:

  • Turn on two-step verification: This makes it harder for hackers to access your account even if they guess your password because if they try to sign in on a device Microsoft doesn’t recognize, we’ll ask for an extra security code (which you can get from a special app on your phone, sent to a different email address or via SMS text message).
  • Use a strong password and change it often: Make sure your password contains a mix of letters, numbers and symbols, isn’t a complete word and is different than the password you use on other sites. Be sure to change your password often.
  • Watch for suspicious activity on your account:The “Recent Activity” page on your Microsoft Account shows recent sign-ins and changes to your account, and allows you to let Microsoft know if you were not the person making these changes.
  • Be careful of suspicious emails and websites:Don’t open emails from unfamiliar senders or email attachments that you don’t recognize. Be careful when downloading apps or files from the Internet, and make sure you know the source.
  • Keep your computer software, including your Web browser, up to date and run an up-to-date anti-virus program:For Windows PCs, you should turn on Windows Update to ensure your PC and Microsoft software stay up to date. You should install a reputable anti-virus/ anti-malware software. Both Windows 8.1 and Windows 10 already include free anti-malware software called Windows Defender.

You can read more about the steps you can take to better protect your personal data and make any necessary changes on the Microsoft Account Security Page.


Additional steps to help keep your personal information secure - Microsoft on the Issues

This is interesting. Microsoft is going to tell the bad guys that they are being watched.

This is interesting. Microsoft is going to tell the bad guys that they are being watched.
It's more of a PR announcement than anything else... Microsoft is watching everyone, be that on devices or in the cloud. It's unlikely that the "bad guys" didn't know that, even without MS spelling it out. For that matter, it's also unlikely that the "bad guys" don't know that they are being watched by Google, Yahoo, social networks, etc.

It's more of a PR announcement than anything else... Microsoft is watching everyone, be that on devices or in the cloud. It's unlikely that the "bad guys" didn't know that, even without MS spelling it out. For that matter, it's also unlikely that the "bad guys" don't know that they are being watched by Google, Yahoo, social networks, etc.
Yes that is nice to know so they are coming in line with everyone else,

Yes that is nice to know so they are coming in line with everyone else,
MS had completed coming in line with everyone else for awhile...

They didn't have much of a choice, if they'd want to be relevant in the future...

Microsoft: Additional steps to help keep personal information secure