In June 2023, there were reports of a potential security breach at Microsoft, where a master key was said to have been leaked. This key could have potentially compromised customer data stored in the cloud. According to Microsoft, it is believed that attackers from China may have successfully used this leaked key to monitor emails, particularly those of European government agencies that primarily use Microsoft 365's Exchange Online service to host and manage email in the cloud.
According to current knowledge, almost all users of Microsoft's cloud services could be affected if they use the ‘Sign in with Microsoft’ feature.
Microsoft has blocked stolen keys in the meantime, but it remains to be seen whether attackers have already been able to install backdoors. At the moment, there is a lot of uncertainty and little information from Microsoft.