Microsoft Denies Data Breach and Theft of 30 Million Customer Accounts

Microsoft has refuted the allegations made by the hacktivist group “Anonymous Sudan” regarding the breach of their servers and the theft of credentials for 30 million customer accounts.

Anonymous Sudan has gained notoriety for carrying out distributed denial-of-service (DDoS) attacks against various Western organizations in recent months. The group has confirmed their association with pro-Russian hacktivists, such as Killnet [source].

In the previous month, Microsoft acknowledged that Anonymous Sudan was responsible for service disruptions and outages at the start of June, which affected several of their services including Azure, Outlook, and OneDrive.

Yesterday, the hacktivists claimed to have successfully hacked Microsoft and gained access to a large database containing over 30 million Microsoft accounts, emails, and passwords.

Anonymous Sudan offered to sell this database to interested parties for $50,000 and encouraged potential buyers to contact their Telegram bot to arrange the purchase of the data.

AS post on Telegram
(Source: BleepingComputer)

The post even included a sample of the data they claimed to have stolen from Microsoft as evidence of the breach, and they warned that Microsoft would deny these claims.

The group provided 100 pairs of credentials, but the origin of these credentials could not be verified. It is unclear whether they are old data, the result of a breach at a third-party service provider, or stolen from Microsoft’s systems.

IT Services reached out to Microsoft to request a comment on the validity of Anonymous Sudan’s claims. A company spokesperson categorically denied any data breach allegations.

“At this time, our analysis of the data shows that this is not a legitimate claim and is an aggregation of data,” stated a Microsoft representative [source].

“We have seen no evidence that our customer data has been accessed or compromised.” – Microsoft spokesperson

Currently, it is unclear whether Microsoft’s investigation into the matter is complete or ongoing. Furthermore, it remains to be seen how the company will react to the potential public release of the data.

Leave a Reply

Your email address will not be published. Required fields are marked *