Microsoft Faulted for Avoidable Errors in Hack Compromising Top US Officials' Emails

Microsoft failed to prevent a major hack by Chinese spies that compromised emails of top US officials, showing lackluster security practices.

The review board report faults Microsoft for a "cascade of avoidable errors", including not disabling an old signing key and allowing compromised devices on its network.

Microsoft made inaccurate public statements about the breach, suggesting it was due to a system crash when the root cause is still unknown.

The report says Microsoft has a culture that "deprioritized both enterprise security investments and rigorous risk management".

The review board makes sweeping recommendations for improving cloud security practices industry-wide and holding Microsoft accountable.