A new report from the US Cyber Safety Review Board has found that Microsoft could have prevented Chinese hackers from breaching US government emails through its Microsoft Exchange Online software last year. The incident, described as a “cascade of security failures” at Microsoft, allowed Chinese state-sponsored hackers to access online email inboxes of 22 organizations, affecting more than 500 people including US government employees working on national security.
The US Department of Homeland Security (DHS) has released a scathing report that found that the hack was “preventable” and that a number of decisions inside Microsoft contributed to “a corporate culture that deprioritized enterprise security investments and rigorous risk management.” The hackers used an acquired Microsoft account (MSA) consumer key to forge tokens to access Outlook on the web (OWA) and Outlook.co