
In major gaffe, hacked Microsoft test account was assigned admin privileges — How does a legacy test account grant access to read every Office 365 account?



The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company's part, a researcher said. Russian state hackers, Microsoft said, used a technique known as password spraying to exploit a weak credential for logging into a “legacy non-production test tenant account” that wasn’t protected by multifactor authentication. Threat actors like Midnight Blizzard compromise user accounts to create, modify, and grant high permissions to OAuth applications that they can misuse to hide malicious activity.
