Microsoft's Xbox Support and News Twitter accounts were apparently hijacked and their internal email accounts compromised on Friday 10 January by someone claiming to be acting on behalf of the Syrian Electronic Army.
We can confirm that no customer information was compromised.
The company's official Microsoft Blog and Instagram accounts were also allegedly affected.
Despite having admitted the Xbox Support and Microsoft News Twitter accounts had been compromised, the organisation initially declined to comment on reports its internal email system had been broken into. However, the company has now admitted the truth of these claims.
In a statement to The Register, a spokesperson said: "A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted. These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue."
While the social media hack hack lasted less than an hour, this is the second time in nine days a Microsoft brand has fallen victim to an attack by the pro-Assad hacking collective.
On 2 January, the group appeared to have gained control of the company's Skype Twitter account, official Skype Facebook page and the Skype blog.
The Syrian Electronic Army subsequently posted a couple of screen grabs as proof of their hack, with both Instagram and Twitter accounts showing an edit' button that is normally only available to administrators.
According to a screen grab taken by The Next Web, the hijackers managed to get a few tweets out, including "Syrian Electronic Army was here" and "From #SEA.. Game on!".
The collective's screengrab from the Official Microsoft Blog appears to show a post dated 11 January 2014 that reads "Hacked by Syrian Electornic Army".
A Microsoft spokesperson told IT Pro: "Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised."
This story was originally published on 13 January, but was updated on 16 January to reflect new information about Microsoft's internal email systems being compromised.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Twitter API keys found leaked in over 3,200 apps, raising concerns for linked accountsNews Business and verified Twitter accounts linked to affected apps are at risk of takeover, use in malicious campaigns
-
The Twitter hack, and why we need a better class of criminalOpinion The bitcoin scammers’ biggest crime isn’t fraud - it’s lack of imagination
-
Media and telco consortium calls for social media regulationNews Companies including Channel 4, BT and the BBC urge the government to place firms like Facebook under greater oversight
-
Twitter alerts users after squashing password revealing internal bugNews The company is advising users to reset their passwords 'in the interests of caution'
-
Twitter freezes accounts in the wake of password leakNews Company requests password resets as security measure
-
Twitter blocks US intelligence agencies from Dataminr alerts
News Social media service has alerted US government of terror attacks before news media
-
Twitter will warn you of state-sponsored attacksNews Social network follows in the footsteps of Facebook by alerting users targeted by governments
-
Virginia shooting - don't open that link!Opinion Scammers and cyber criminals love to capitalise on tragedy, and we can't help but click
