Microsoft Engineer's Account Breach Leads to Chinese Hack of US Officials
Microsoft has revealed that a Chinese hacking group gained access to government emails by obtaining a "Microsoft account consumer key" through a series of internal errors. The key was left in a crash dump that should have been stripped of sensitive information, and it was then transferred to the company's debugging environment. A credential scan and a compromised Microsoft engineer's account further facilitated the breach. Additionally, Microsoft failed to update its systems to authenticate keys properly, allowing threat actors to access enterprise Microsoft accounts. Microsoft has since corrected the issues and is working on strengthening its systems, but it has faced criticism for its security practices.
- A Rube Goldberg chain of failures led to breach of Microsoft-hosted government emails The Verge
- Microsoft finally explains cause of Azure breach: An engineer’s account was hacked Ars Technica
- Microsoft says compromise of its engineer's account led to Chinese hack of US officials Yahoo News
- Breach of Microsoft engineer’s account likely led to hack of U.S. officials The Seattle Times
- The Comedy of Errors That Let China-Backed Hackers Steal Microsoft's Signing Key WIRED
- View Full Coverage on Google News
Reading Insights
0
1
2 min
vs 3 min read
79%
496 → 106 words
Want the full story? Read the original article
Read on The Verge