The company has lately been targeted by the pro-Assad Syrian Electronic Army (SEA), which managed to compromise a number of Microsoft's official blogs, Twitter accounts, and email accounts.
"If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents," wrote Adrienne Hall, general manager at Microsoft's Trustworthy Computing Group.
While she hasn't said who was behind all these attacks, she has commented that all these phishing attacks seem to be related.
In the meantime, SEA apparently confirmed they were behind the attack, and said that they will be publishing the stolen legal documents on a media site, to prove that it's not just law enforcement who asks for user data from Microsoft.
Hall has downplayed the attack, saying that "many companies grapple with phishing attempts from cybercriminals." She also noted that they will continue to educate employees and make changes to how their social media properties are run, after an internal investigation shows where the weak points are.