Microsoft ties executive pay to security following multiple failures and breaches
news.movim.eu / ArsTechnica · Friday, 3 May - 20:25
It's been a bad couple of years for Microsoft's security and privacy efforts. Misconfigured endpoints, rogue security certificates, and weak passwords have all caused or risked the exposure of sensitive data, and Microsoft has been criticized by security researchers, US lawmakers, and regulatory agencies for how it has responded to and disclosed these threats.
The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft's Azure service and collected data for over a month in mid-2023 before being discovered and driven out. After months of ambiguity, Microsoft disclosed that a series of security failures gave Storm-0558 access to an engineer's account, which allowed Storm-0558 to collect data from 25 of Microsoft's Azure customers, including US federal agencies.
In January, Microsoft disclosed that it had been breached again, this time by Russian state-sponsored hacking group Midnight Blizzard. The group was able "to compromise a legacy non-production test tenant account" to gain access to Microsoft's systems for "as long as two months."