China-based hackers breached US government email accounts, Microsoft and White House say

A scathing review by the US Cyber Safety Review Board (CSRB) has blamed Microsoft for “avoidable errors” that led to Chinese hackers breaching the tech giant’s network and accessing email accounts of senior US officials, including the secretary of commerce. The hack, which occurred last year, was deemed preventable and highlighted deficiencies in Microsoft’s security culture.

Specifically, the review faulted Microsoft for not adequately protecting a sensitive cryptographic key, enabling hackers to forge credentials and access Outlook accounts remotely. The incident compromised the unclassified email accounts of senior US diplomats and officials, massively impacting diplomatic communications: according to the department spokesman, Matthew Miller, the hackers downloaded about 60,000 emails from the State Department alone. China has denied involvement in the hacking allegations.

In response to the incident, Microsoft pledged to enhance its security practices and bolster protection for its users. The company acknowledged the need for improvement and stated its commitment to identifying and mitigating security vulnerabilities. Microsoft plans to review the recommendations provided by the CSRB.

The breach underscores broader cybersecurity challenges faced by the US government, with cyber-espionage campaigns linked to China and Russia exploiting vulnerabilities in widely used software. The incident serves as a wakeup call for improved cybersecurity measures and closer collaboration between the government and technology providers. There is a call for meaningful change in the relationship between the US government and Microsoft, with a focus on enhancing cybersecurity defenses to safeguard national security interests.

In light of recent revelations regarding Chinese hackers breaching the security of US government email accounts, it’s imperative to prioritize the protection of sensitive communications. Hushmail stands as a reliable solution in safeguarding against such cyber threats, ensuring the confidentiality and integrity of your emails while mitigating the risk of unauthorized access and cyber espionage.