Microsoft accused of 'negligent cybersecurity practices' that 'enabled Chinese espionage against the US government'

After Microsoft admitted its Azure platform had been breached by Chinese hacking group Storm-0558, chairman and CEO of network security giant Tenable, Amit Yoran, took to Microsoft-owned social platform LinkedIn to air his grievances against Microsoft's security practices.

Citing a letter recently sent by US Senator Ron Wyden to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice (DoJ), and the Federal Trade Commission (FTC), Yoran calls for Microsoft to answer for the "lack of transparency" and a "repeated pattern of negligent cybersecurity practices, which has enabled Chinese espionage against the United States government" (via The Verge).

That's quite the accusation, and the Google Project Zero numbers seem to add insult to injury, as Yoran notes "Microsoft products have accounted for an aggregate 42.5% of all zero days discovered since 2014".

Yoran's main argument centres around the Azure hack. He says members of Tenable's research team had previously been looking into potential Azure security issues, and quickly gained access to some pretty sensitive bank authentication details.

His team notified Microsoft as soon as they realised the severity of the issue, and Yoran is pretty upset with the seemingly blasé attitude taken over the matter.

"Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service."

120 days later, when Yoran's post goes up, those bank details remain exposed. And while Microsoft promises to fix the issues by September, Yoran makes clear his feelings that a four-month wait for a fix is "grossly irresponsible, if not blatantly negligent."

Katie Wickens
Hardware Writer