Microsoft (NASDAQ:MSFT) admitted Thursday that it had read the contents of a blogger's Hotmail inbox in an effort to identify an employee who was suspected of leaking confidential company information.
According to John Frank, deputy general counsel for Microsoft, the company “took extraordinary actions in this case,” and would consult an outside attorney to confirm the legality of the action, which came to light as part of a lawsuit filed against a former Microsoft employee, Alex Kibalko, a Russian native based in the company's Lebanon office.
Microsoft claims it found, in September 2012, that Kibalko was allegedly leaking proprietary code from its Windows 8 operating system, which was not yet released at the time, after examining the Hotmail account of the blogger, who later posted screenshots of the unreleased OS on his blog.
“After confirmation that the data was Microsoft's proprietary trade secret, on September 7, 2012, Microsoft's Office of Legal Compliance (OLC) approved content pulls of the blogger's Hotmail account,” according to FBI agent Armando Ramirez, cited by Associated Press.
The email search, which took place months before Ramirez received the results of Microsoft’s internal investigation in July 2013, revealed that Kibalko shared fixes for the Windows 8 RT OS and a software development kit, which could be exploited by hackers to better understand how Microsoft uses product keys to activate software.
In addition to the email search, Microsoft also read instant messages exchanged between Kibalko and the blogger whose identity was not revealed. The company also admitted to scanning through files in Kibalko's cloud-storage account.
A BBC report said Friday that the search by Microsoft was legal because it fell within the company’s terms of service, which allows the company to access information in accounts that are stored on its “Communication Services,” which include email, chat areas, forums and other communication features.
Recently, Microsoft has, along with other technology companies, taken a stand against intrusions into customer accounts, following NSA whistleblower Edward Snowden's disclosure of instances of the U.S. government spying on users’ online activities.