Microsoft's "enterprise-grade" email system token signing key was (is?) compromised

This has kinda flown under the radar, but a few days ago Microsoft made public that a China-based hacker called Storm-0558 gained access to "approximately 25 organizations including government agencies as well as related consumer accounts of individuals likely associated with these organizations". That is bad, but shit happens. Wired explains that what makes it worse is "hackers were somehow able to steal a key that Microsoft uses to sign tokens for consumer-grade users of its cloud services" and "exploited a bug in Microsoft's token validation system, which allowed them to sign consumer-grade tokens with the stolen key and then use them to instead access enterprise-grade systems". Stealing keys is a pretty bloody big bug and Microsoft isn't giving more details.
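A simplified model of the class of validation flaw Wired describes, added here as an example and not taken from the original post or from Microsoft's code: a validator that accepts any known signing key, next to one that checks the key is authorised for the account class being accessed. The key ids, scope names, token layout and the HMAC standing in for a real signature are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed key store: each signing key is tagged with the only account
# class it may vouch for. Key ids, secrets and scope names are hypothetical.
KEYS = {
    "consumer-key-1": {"secret": b"constructed-consumer-secret", "scope": "consumer"},
    "enterprise-key-1": {"secret": b"constructed-enterprise-secret", "scope": "enterprise"},
}


def sign(kid, scope, subject):
    """Issue a toy token 'kid|scope|subject|mac' (HMAC stands in for a real signature)."""
    body = f"{kid}|{scope}|{subject}"
    mac = hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def _signature_ok(token):
    """Return (kid, scope, subject) if the MAC verifies under the named key, else None."""
    parts = token.split("|")
    if len(parts) != 4 or parts[0] not in KEYS:
        return None
    kid, scope, subject, mac = parts
    body = f"{kid}|{scope}|{subject}"
    expected = hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).hexdigest()
    return (kid, scope, subject) if hmac.compare_digest(mac, expected) else None


def validate_weak(token, required_scope):
    """Flawed: trusts the scope claimed in the token if any known key signed it."""
    claims = _signature_ok(token)
    return claims is not None and claims[1] == required_scope


def validate_strict(token, required_scope):
    """Hardened: the signing key itself must be authorised for the required scope."""
    claims = _signature_ok(token)
    if claims is None:
        return False
    kid, scope, _ = claims
    return scope == required_scope and KEYS[kid]["scope"] == required_scope


# Constructed samples: the first claims enterprise scope but is signed with the consumer key.
CROSS_SCOPE = sign("consumer-key-1", "enterprise", "user@example.com")
LEGIT = sign("enterprise-key-1", "enterprise", "user@example.com")
```

The strict validator rejects `CROSS_SCOPE` because the key, not just the claim, has to match the required scope; the weak one accepts it.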

