Microsoft refrained from warning Tibetan and Uyghur e-mail hack victims

Microsoft headquarter in Redmond, Washington, U.S. (Photo courtesy: Bloomberg)
Microsoft headquarter in Redmond, Washington, U.S. (Photo courtesy: Bloomberg)

(, Jan02’16) –Microsoft had learnt some years ago that the hotmail accounts of Tibetan and Uyghur activists had been hacked into but chose not to warn them for fear of offending China, reported Dec 31. The report said the company’s experts had concluded that more than a thousand such accounts had been compromised.

The report cited former employees of the company as saying, Microsoft chose not to notify the victims for fear of angering the Chinese government, even though this may have put lives at risk.

The report cited a Reuters article as explaining that Microsoft’s investigation found that “interception had begun in Jul 2009 and had compromised the emails of top Uighur and Tibetan leaders in multiple countries, as well as Japanese and African diplomats, human rights lawyers and others in sensitive positions inside China.”

Given the fact that China considers Tibet and the Uyghurs’ homeland of Xinjiang highly sensitive areas, and has responded to their calls for greater local independence with harsh repressive measures, the hacking of their email accounts by the Chinese authorities become an extremely serious matter: confidential information gathered in this way may have exposed local activists to the risk of arrest or worse.

The report said that after “a vigorous internal debate in 2011,” Microsoft decided to force the affected users to pick new passwords, but without telling them why. But, as noted by sources within the company, “it was likely the hackers by then had footholds in some of the victims’ machines and therefore saw those new passwords being entered.”

The report noted that Reuters had sought out five victims of the Hotmail hack: two Uyghur leaders, a senior Tibetan figure and two people in the media dealing with “matters of interest to Chinese officials.” Although they have recalled the password resets, none had taken it as a warning that their account had been compromised, or that they should be cautious in terms of what they wrote in e-mails thereafter.



Please enter your comment!
Please enter your name here