Microsoft says hackers used code flaw to steal emails from government agencies

Microsoft and US officials said that Chinese state-linked hackers had been secretly accessing email accounts at around 25 organizations.

 A LAPTOP with binary codes displayed in front of the Chinese flag. Individuals basically do not care if their personal data are stolen, unless the hacker personally locks them out of their accounts or the theft has some other major concrete negative impact on their lives. (photo credit: DADO RUVIC/REUTERS)
A LAPTOP with binary codes displayed in front of the Chinese flag. Individuals basically do not care if their personal data are stolen, unless the hacker personally locks them out of their accounts or the theft has some other major concrete negative impact on their lives.
(photo credit: DADO RUVIC/REUTERS)

Microsoft says that hackers used a flaw in its code to steal emails from government agencies and other clients.

In a blog post published on Friday, the company said that Chinese hackers were able to take advantage of "a validation error in Microsoft code" to carry out their cyberespionage campaign.

The blog provided the most fulsome explanation yet for a hack that rattled both the cybersecurity industry and China-US relations. Beijing has denied any involvement in the spying.

Chinese state-linked jackers had been secretly accessing emails

Microsoft and US officials said on Wednesday night that Chinese state-linked hackers had been secretly since May accessing email accounts at around 25 organizations. US officials said those included at least two US government agencies.

 EVEN AFTER THE Cyberserve/Atraf disaster, Bennett is more afraid of overregulation than he is of lacking the power to save the private sector from its own occasional cyber laziness or cheapness. (credit: KACPER PEMPEL/ILLUSTRATION PHOTO/REUTERS)
EVEN AFTER THE Cyberserve/Atraf disaster, Bennett is more afraid of overregulation than he is of lacking the power to save the private sector from its own occasional cyber laziness or cheapness. (credit: KACPER PEMPEL/ILLUSTRATION PHOTO/REUTERS)

Microsoft has not identified any of the hack's targets but several victims have acknowledged they were affected, including personnel at the State Department, the Commerce Department, and the US House of Representatives.

Secretary of State Antony Blinken told China's top diplomat, Wang Yi, in a meeting in Jakarta on Thursday that any action that targets the US government, US companies or American citizens "is of deep concern to us, and that we will take appropriate action to hold those responsible accountable," according to a senior State Department official.

Microsoft's own security practices have come under scrutiny, with officials and lawmakers calling on the Redmond, Washington-based company to make its top level of digital auditing, also called logging, available to all its customers free of charge.