The software giant confirmed that it has been hacked, but said that it was unlikely that the blueprints of its most recent Windows and Office software had been stolen.
According to WSJ.com, the breach was discovered this week by security staff when they found internal passwords being sent out to an e-mail account in St. Petersburg, Russia. Hackers are thought to have been evading Microsoft security for the past three months.
The company is now checking that the hackers did not alter any of its commercial software during that time. It was only last month when the company released its latest version of Windows, Windows ME; the danger is that some of the files in it have been corrupted by the hackers.
WSJ.com reported that QAZ Trojan hacking software was used in the attack on Microsoft. The software is hidden in an attachment to an e-mail that is triggered by the recipient opening the attachment. It is thought that other software was used to collect employee passwords and the hackers then used these to gain access to secure areas in the network to download files.
John Salmon of OUT-LAW.COM commented:
“This incident is likely to give Microsoft many concerns. Among these will be its potential liability to users for damaging software if it becomes apparent that, for example, Windows ME is carrying code put there by hackers that could adversely affect users’ computers or their systems.
“The company will possibly have the code of other companies in its network that it is supposed to keep confidential. If this confidentiality has been compromised and it is not only Microsoft code which has been obtained by hackers, then Microsoft may find itself in difficulties with these other companies.
“A crucial question is whether Microsoft had adequate security in operation at the time of the incident. Microsoft’s users and partners will want to know that they are doing everything they can to prevent this type of problem.”