Microsoft Faulted for Avoidable Errors in Hack Compromising Top US Officials' Emails
-
Microsoft failed to prevent a major hack by Chinese spies that compromised emails of top US officials, showing lackluster security practices.
-
The review board report faults Microsoft for a "cascade of avoidable errors", including not disabling an old signing key and allowing compromised devices on its network.
-
Microsoft made inaccurate public statements about the breach, suggesting it was due to a system crash when the root cause is still unknown.
-
The report says Microsoft has a culture that "deprioritized both enterprise security investments and rigorous risk management".
-
The review board makes sweeping recommendations for improving cloud security practices industry-wide and holding Microsoft accountable.