Microsoft Refused to Fix Flaw Years Before SolarWinds Hack
ProPublica
|
Contributed by: Drex DeFord
Summary
Andrew Harris, a cybersecurity expert, identified a critical flaw in a Microsoft cloud application that allowed attackers to impersonate legitimate users and access sensitive data without detection. Despite Harris' persistent pleas to address the vulnerability, Microsoft prioritized business interests over security, particularly due to its bid for a massive federal cloud computing contract. The flaw eventually became a key vector in the notorious SolarWinds cyberattack, where Russian hackers exploited it to access U.S. government data. Microsoft publicly downplayed its responsibility and instead suggested that customers could have done more to protect themselves. Harris' account and ProPublica's investigation reveal the extent to which profit motives can influence security decisions at major tech companies.
