Zeba Siddiqui
(Reuters) – Russian hackers who broke into Microsoft (NASDAQ:) systems and spied on employee email accounts earlier this year also stole emails from its customers, the tech giant said on Thursday, about six months after it first reported the intrusion.
The disclosure underscores the scale of the hack as Microsoft faces increased scrutiny from regulators over the security of its software and systems from foreign threats. An alleged Chinese hacking group that separately hacked Microsoft last year stole thousands of US government emails.
The Russian government never responded to Microsoft’s hacking allegations, but Microsoft said hackers targeted cybersecurity researchers who were investigating a Russian hacking group.
“This week we are continuing to send notices to customers who communicated with Microsoft business email accounts that were compromised by the Midnight Blizzard attacker,” a Microsoft spokesperson said in an emailed statement. Bloomberg first reported the stock earlier in the day.
Microsoft said it also shared the compromised emails with its customers, but did not say how many customers were affected or how many emails may have been stolen.
“This is more detailed information for customers who have already been notified and also includes new notifications,” the spokesperson said. “We are committed to sharing information with our customers as our investigation continues.”
Back in January, the world’s largest software provider said that Midnight Blizzard had gained access to a “very small percentage” of the company’s corporate email accounts. Four months later, the company said hackers were still trying to break in, alarming many security industry colleagues and customers who wondered why Microsoft systems remained vulnerable.
Those intrusions, as well as a Chinese hack last year, prompted a congressional hearing earlier this month in which Microsoft President Brad Smith said the company was working to overhaul its security practices.