Microsoft denies 30 million customer accounts theft amid hacktivist group’s claims

Pranav Bhardwaj

Cybersecurity Microsoft Azure Domain Fronting

In a recent development, Microsoft has firmly refuted the claims made by the hacktivist group “Anonymous Sudan” regarding their alleged breach of the company’s servers and theft of credentials belonging to 30 million customer accounts. Anonymous Sudan has gained notoriety for carrying out debilitating distributed denial-of-service (DDoS) attacks against various Western entities in recent months and has acknowledged its affiliation with pro-Russian hacktivists such as Killnet.

Last month, Microsoft acknowledged that Anonymous Sudan was responsible for service disruptions and outages that occurred in early June, affecting multiple services, including Azure, Outlook, and OneDrive. However, yesterday, the hacktivist group went a step further and asserted that they had successfully hacked Microsoft, claiming to possess a vast database containing more than 30 million Microsoft accounts, emails, and passwords.

Anonymous Sudan even attempted to monetize their alleged haul, offering to sell the database to interested parties for $50,000. They directed potential buyers to engage with their Telegram bot to arrange the purchase of the data.anonymous-sudan-selling-data

As a show of proof, the group provided a sample of 100 credential pairs, although the origin of these credentials could not be independently verified. It is possible that the credentials could be old data, acquired from a breach at a third-party service provider, or even fabricated to bolster their claims.

BleepingComputer, a prominent technology news outlet, reached out to Microsoft for comment regarding the validity of Anonymous Sudan’s assertions. In response, a Microsoft spokesperson categorically denied the existence of any data breach. According to the company representative, their analysis of the data obtained by Anonymous Sudan suggests that these claims are baseless and merely an aggregation of existing information.

“We have seen no evidence that our customer data has been accessed or compromised,” affirmed the Microsoft spokesperson, asserting their confidence in the security of their systems.

As of now, it remains unclear whether Microsoft’s investigation into the matter is still ongoing or has concluded. Moreover, the company’s response to the potential public release of the data remains uncertain. Microsoft’s swift denial and affirmation of the security of their customer data stand in contrast to Anonymous Sudan’s allegations, setting the stage for further developments as the situation unfolds.

It is important to note that cyber threats and data breaches continue to pose significant challenges for organizations worldwide. As technology companies strive to fortify their security measures, incidents like these emphasize the need for robust safeguards and heightened vigilance to safeguard sensitive customer information.

Via: Bleeping Computer