Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company's servers and stole credentials for 30 million customer accounts.
Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet.
Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacting several of its services, including Azure, Outlook, and OneDrive.
Yesterday, the hacktivists alleged that they had “successfully hacked Microsoft” and “accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords.”
Anonymous Sudan offered to sell this database to interested parties for $50,000 and urged interested buyers to engage in contact with their Telegram bot to arrange the purchase of the data.
The post even includes a sample of the data they offered (allegedly stolen from Microsoft) as proof of the breach and warned that Microsoft would deny those claims.
The group provided 100 credential pairs but their origin could not be verified (old data, the result of a breach at third-party service provider, stolen from Microsoft’s systems).
BleepingComputer has contacted Microsoft to request a comment on the validity of Anonymous Sudan's saying and a company spokesperson flatly denied any data breach claims.
“At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data,” a company representative told BleepingComputer.
“We have seen no evidence that our customer data has been accessed or compromised” - Microsoft spokesperson
It is unclear at the moment if Microsoft's investigation is complete or it's ongoing. Also, the company's reaction to the potential public release of the data remains to be seen.
Comments
Dominique1 - 11 months ago
$50K seems such a small amount for such valuable info. Sounds like trying to steal a quick buck.
EndangeredPootisBird - 11 months ago
And once again we see one of the world's largest companies not being able to properly secure their systems.
Cybersecurity is so darn backwards, though I guess that's what happens when the world is run by free-market capitalism.
johnd0e8 - 11 months ago
Wow. There's just too much to unpack in your comment.
nauip - 11 months ago
Did you see some evidence that we're not seeing?
Please link it!
See Dominique1's comment above yours.
horsedoggs - 11 months ago
"And once again we see one of the world's largest companies not being able to properly secure their systems.” Who is this fool?
spacelizard - 11 months ago
"We have seen no evidence that our customer data has been accessed or compromised"
no evidence <> no breach
But it looks like a scam to capitalize on the previous attacks.
eric79x - 11 months ago
Refreshingly concise and well written article in an ever growing sea of generated pleonastic trash articles.
ToxicNekoBoi - 11 months ago
Sadly i was affected by this. Too bad i have very good ways of protecting my account. I have a script that automaticaly scrapes the persons information so i can submit it straight to the police
GenericUsername - 11 months ago
Yet another reason why I am glad that I have very few online accounts. While it's unfortunate if this many accounts were indeed compromised, at least one of the accounts won't be mine.