Microsoft becomes third company to suffer compromise via malicious website visit

Share this article:
Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday
Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday

Microsoft has confessed that it has fallen victim to the same attack as both Facebook and Apple.

In a blog post, Matt Thomlinson, general manager of Microsoft's Trustworthy Computing Security, said that Microsoft can confirm that it also recently experienced a similar security intrusion to the internet giants.

He said: “Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organisations. We have no evidence of customer data being affected and our investigation is ongoing.”

The incident is extremely similar to the one suffered by Facebook, who discovered that its systems had been targeted in a sophisticated attack when some employees visited a mobile developer website that had been compromised, and Apple, whose employees had visited a website for software developers that had been infected with malicious software.

Web development company iPhoneDevSDK shouldered the responsibility for the Facebook compromise, with administrator Ian Sefferman saying that it was alerted to the fact that its site was "part of an elaborate and sophisticated attack whose victims included large internet companies" and prior to media attention, it had no knowledge of the breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach.

Thomlinson said: “This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries. We continually re-evaluate our security posture and deploy additional people, processes and technologies as necessary to help prevent future unauthorised access to our networks.”

Share this article: