Over the weekend, Microsoft‘s official blog and a couple of its Twitter accounts were hacked by the Syrian Electronic Army, a breach that followed the New Year’s infiltration of Microsoft’s Skype blog and social accounts. In addition to the company’s official blog, the Microsoft News (@MSFTNews) and Xbox Support (@XboxSupport) on Twitter were also breached, all of them used in the same slightly-strange manner as the SEA’s previous exploits.
The posts made by the Syrian Electronic Army have since been removed, but GameSpot is reporting the Xbox Support tweets included things like “Game On!” and “Syrian Electronic Army Was Here”, as well as a screenshot demonstrating access to the Xbox Instagram and Twitter accounts. The tweets on the Microsoft News Twitter account were a little more substantial, hocking Google Chrome and Mozilla Firefox and saying, “Don’t use Microsoft emails(hotmail,outlook),They [sic] are monitoring your accounts and selling the data to the governments.”
Thus far, it seems Microsoft hasn’t stated how the breaches took place — either these latest ones or the Skype hacks — but previous victims of the Syrian Electronic Army have published notices saying the breaches happen using low-level methods involving fake links and tricking a user or two into revealing their log-in details.
The tweets made by the SEA during the Skype hackers were similar in nature to these latest ones — in some cases, tweets were recycled — and in neither instances were user data compromised. Said a Skype spokesperson at the time: “We recently became aware of a targeted cyber attack that led to access to Skype’s social media properties, but these credentials were quickly reset. No user information was compromised.”