Microsoft Key Breach Incident by Storm-0558 | Cyera Blog
ID: f999cc8f-2140-5364-8759-5f0a47eae8cc
STIX ID: report--f999cc8f-2140-5364-8759-5f0a47eae8cc
Feed Name: Cyera Blogs
A China-based threat actor (Storm-0558) exploited consumer signing keys that were accidentally included in a crash dump and moved to a less-secure environment. After compromising a Microsoft engineer's account with access to that environment, the actor forged authentication tokens to access the Outlook/Exchange accounts of about 25 organizations, including government agencies. Microsoft contacted affected organizations and faced regulatory scrutiny. The report emphasizes how data-centric secrets discovery and controls could have prevented the exposure.
