Today, the official Office blogs debuted a new look and feel, and thanks to the Syrian Electronic Army (@Official_SEA16), it became obvious that they made a switch from the proprietary and ASP.net powered Telligent CMS (what used to be called Community Server back when we used it) to a variation of WordPress. In the past few weeks, the Syrian Electronic Army (Wikipedia) broke into some Microsoft properties, including the Skype blog and some corresponding social media accounts, a Bit.ly account (which would have given them access to Twitter and Facebook and more), and some Outlook Web Access email accounts.
Today, however, they apparently were intent on raining on the Office Blog’s big transition to WordPress (of course, the fact that they’re now using WP isn’t much of a secret: a simple View Source would have revealed the same thing, although obviously not administration access). The hacker group posted screenshots of both the Telligent and the WordPress admin panels:
As the Syrian Electronic Army so helpfully pointed out:
Dear @Microsoft, Changing the CMS will not help you if your employees are hacked and they don’t know about that. #SEA
— SyrianElectronicArmy (@Official_SEA16) January 20, 2014
Why Microsoft didn’t take the time to go back and change all of their passwords is indeed an obvious question, but having just gone through a site upgrade ourselves (and having previously gone through the Telligent to WordPress transition, too), it apparently slipped through the cracks.
The hacked posts and hopefully rogue access has been removed, and we do commend Office for upgrading its blogs, however inauspicious their start. For the record, the Office blogs have adopted a nice clean new look:
They’ve made the site responsive, done away with the annoying necessity to remember your login credentials (you now only need to provide a name and email address), and included provisions for pinning the Office Blog sites to Windows 8 or Windows Phone, making use of Live Tiles. They’ve also implemented a filter system to show you blog posts only for products you use, and making it easy for you to subscribe.
While there simply isn’t any excuse for Microsoft not to have a better handle on its security, even when it comes to company blogs, we’re sympathetic to their plight. Good luck, Office blogs (and get it together, mkay?)
