The FTC is contemplating an investigation into Microsoft’s adherence to cybersecurity commitments following the massive email hack the revealed troubling vulnerabilities in the tech giant’s defense mechanisms. Hackers were able to access sensitive information in corporate and government email system thanks to Microsoft’s security failures.
The Messenger reports that Microsoft finds itself facing scrutiny from the FTC following the massive cybersecurity leak it suffered this year. A breach that occurred in May, suspected to be the work of Chinese government hackers, exposed the email accounts of Microsoft customers. This breach, however, was only recently brought to light by Microsoft, raising questions about the company’s transparency and cybersecurity robustness.
Breitbart News previously reported that the hack breached email accounts used by the State Department:
Hackers purportedly linked to the Chinese government infiltrated the State Department after hacking a Microsoft employee earlier this summer, pilfering around 60,000 emails from the inboxes of 10 employees, revealing sensitive information including travel itineraries and diplomatic deliberations.
Politico reports that the breach, which has sent shockwaves through Capitol Hill, has intensified concerns regarding the escalating hacking efforts allegedly emanating from China. The compromised information is believed to be highly sensitive, with victims’ travel itineraries and diplomatic deliberations among the most critical data accessed. The incident has not only raised eyebrows regarding international cybersecurity but has also brought the spotlight back on the Indo-Pacific diplomatic efforts, as nine out of the ten compromised email accounts belonged to individuals working on related issues.
Breitbart News also reported on how the hack occurred, which involved cracking the account of a Microsoft employee:
Bloomberg reports that Microsoft has disclosed that China-linked hackers compromised the corporate account of one of its engineers, then used this unauthorized access to steal a digital key in order to forge authentication tokens. These tokens granted them access to email accounts on Microsoft’s cloud servers, including those belonging to Commerce Secretary Gina Raimondo, Representative Don Bacon, and State Department officials.
“The Commission will ‘shift resources to order compliance and enforcement, especially against the largest respondents,’” FTC Chair Lina Khan said in a letter, emphasizing a more stringent approach towards major corporations like Microsoft. This statement echoes the FTC’s renewed commitment to enforcing cybersecurity norms and holding corporations accountable for lapses.
Microsoft previously settled with the FTC in 2002; as part of the settlement Microsoft committed to establishing a comprehensive information security program. This commitment aimed to safeguard the security, confidentiality, and integrity of personal information collected from consumers.
Sen. Ron Wyden (D-OR) has been vocal in urging the FTC to take decisive action. “Microsoft’s security failures led to the Chinese government hacking into the emails of senior U.S. government officials,” Wyden said, underscoring the severity of the breach and the potential repercussions.
FTC Chair Lina Khan, while not confirming an official investigation, conveyed a strong stance against “corporate recidivism” and acknowledged the historical 2002 settlement with Microsoft.
Read more at the Messenger here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.