A Microsoft engineer’s corporate account was compromised, leading to a Chinese hack of hundreds of thousands of emails from top U.S. officials, including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink.
Microsoft said the hackers were able to extract a cryptographic key from the engineer’s account and use it to access email accounts that the key should not have given them access to. The company has fixed the flaws that led to the key being accessible, but the incident has raised fresh concerns about Microsoft’s security practices.
Microsoft provided insights into how the hackers managed to exploit the situation, saying that the extraction of a cryptographic key from the engineer’s account enabled unauthorized access to email accounts that should have been off-limits.
The Chinese Embassy in Washington has denied the allegations, calling them “groundless narratives.”
The sources for this piece include an article in Reuters.