Microsoft was blamed by the United States Cyber Security Assessment Board in a cyber attack incident last year. More than 22 organizations and 500 government employees became victims after their email content was accessed by hackers believed to be from China.
It is believed that this cyber attack should not have happened and could have been prevented. However, Microsoft's security failure is the cause of this incident. Hackers managed to obtain Microsoft user account keys and generate fake tokens that were then used to access Outlook accounts. It is still unknown how the hacker managed to access these account keys with some of the theories given yet to be proven.
The Evaluation Board also concluded that Microsoft's security culture is inadequate and in need of repair, especially given the company's importance in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.