Earlier this year, Microsoft revealed that a Russia-based cybercriminal group labeled as Midnight Blizzard got access to the email accounts of its top executives in late 2023. Today, the company has confirmed that it is informing more of its customers that emails sent to those executives were seen by that hacker group.
Reuters reports that a Microsoft spokesperson confirmed the new alerts that were sent to customers. It added:
"This is increased detail for customers who have already been notified and also includes new notifications. We’re committed to sharing information with our customers as our investigation continues."
Microsoft did not reveal how many emails were accessed by the Midnight Blizzard group. It also did not name which of its customers were affected, nor how many might have had its emails accessed.
The Russian security breach, combined with an earlier one in 2023 by Chinese hackers who accessed Outlook-based government email accounts in the US and Europe, has been a major embarrassment to Microsoft.
The company has been playing defense since these breaches went public. In November 2023, after the Chinese hacker attack was made public, Microsoft revealed its Secure Future Initiative program, which was designed to help boost its cybersecurity efforts
After the Russian hacking of Microsoft"s emails was made public earlier in 2024, the company said it was making further changes and improvements to its Secure Future Initiative program. It also said that security would become Microsoft"s top priority above everything else it was working on.
Earlier this month, Microsoft President Brad Smith went to Washington DC and gave testimony to the members of the U.S. House Committee on Homeland Security on these security breaches. As part of his remarks, Smith said that with the start of Microsoft"s new fiscal year on July 1, it would make security contributions part of every employee"s review process. Top company executives would also have their bonuses tied into their security efforts.