The software giant confirmed that it has been hacked, but said
that it was unlikely that the blueprints of its most recent Windows
and Office software had been stolen.
According to WSJ.com, the breach was discovered this week by
security staff when they found internal passwords being sent out to
an e-mail account in St. Petersburg, Russia. Hackers are thought to
have been evading Microsoft security for the past three months.
The company is now checking that the hackers did not alter any
of its commercial software during that time. It was only last month
when the company released its latest version of Windows, Windows
ME; the danger is that some of the files in it have been corrupted
by the hackers.
WSJ.com reported that QAZ Trojan hacking software was used in
the attack on Microsoft. The software is hidden in an attachment to
an e-mail that is triggered by the recipient opening the
attachment. It is thought that other software was used to collect
employee passwords and the hackers then used these to gain access
to secure areas in the network to download files.
John Salmon of OUT-LAW.COM commented:
“This incident is likely to give Microsoft
many concerns. Among these will be its potential liability to users
for damaging software if it becomes apparent that, for example,
Windows ME is carrying code put there by hackers that could
adversely affect users’ computers or their systems.
“The company will possibly have the code of
other companies in its network that it is supposed to keep
confidential. If this confidentiality has been compromised and it
is not only Microsoft code which has been obtained by hackers, then
Microsoft may find itself in difficulties with these other
companies.
“A crucial question is whether Microsoft had
adequate security in operation at the time of the incident.
Microsoft’s users and partners will want to know that they are
doing everything they can to prevent this type of problem.”
