For years, an engineer at Microsoft flagged a flaw in a product that people use to log in to their devices with single sign-on. The company dismissed his warnings. One product leader told him that acknowledging the weakness could interfere with Microsoft’s business goals.

Russian hackers later took advantage of that flaw in one of the biggest cyberattacks in U.S. history, SolarWinds. They used it to compromise the National Institutes of Health, the National Nuclear Security Administration and the Department of the Treasury.

In June, Microsoft President Brad Smith testified at a congressional hearing and was grilled about what government investigators called the company’s “cascade of security failures” in another hack.

ProPublica’s Renee Dudley breaks down what happened to whistleblower Andrew Harris and what Microsoft is saying it is doing to mitigate future attacks.

To read our investigation, go to: [ Ссылка ]

📰: Renee Dudley, with research by Doris Burke
🎨: Anuj Shrestha
🎥: Jose Sepulveda

-
ProPublica is an independent, nonprofit newsroom that produces investigative journalism with moral force.

+ Sign up for our weekly newsletter: [ Ссылка ]
+ Follow us on X/Twitter: [ Ссылка ]
+ Follow us on Instagram: [ Ссылка ]
+ Follow us on TikTok: [ Ссылка ]
+ Follow us on Facebook: [ Ссылка ]
+ Follow us on Threads: [ Ссылка ]
+ Follow us on Mastodon: [ Ссылка ]
+ Follow us on Bluesky: [ Ссылка ]

свернуть