Microsoft: ‘No Evidence’ To Support Hacktivist Data Theft Claim

A hacktivist group, which had recently taken responsibility for hobbling Microsoft services with DDoS attacks, reportedly claimed it has stolen more than 30 million account credentials. Microsoft responded that ‘this is not a legitimate claim.’

ARTICLE TITLE HERE

Microsoft shot down a new claim Monday by the hacktivist group that recently leveled DDoS (distributed denial-of-service) attacks against some of the company’s key cloud services, causing a nearly week-long outage last month.

The group, Anonymous Sudan, claimed in a Telegram post that it has stolen credentials for more than 30 million Microsoft accounts, according to a report by BleepingComputer.

In a statement responding to the post Monday, provided to CRN, Microsoft said that its investigation so far has found that “this is not a legitimate claim.”

id
unit-1659132512259
type
Sponsored post

[Related: Microsoft Confirms DDoS Attacks: 5 Things To Know]

Anonymous Sudan is claiming it will sell the database of more than 30 million Microsoft account credentials, including passwords, for $50,000, BleepingComputer reported.

“At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data,” Microsoft said in the statement Monday. “We have seen no evidence that our customer data has been accessed or compromised.”

In early June, Anonymous Sudan took responsibility for a series of Microsoft service outages.

On back-to-back days, Microsoft 365 services such as Teams and Outlook saw widespread outages, followed by a major OneDrive outage days later. Then the following day, the portal for Microsoft’s Azure cloud platform went down for thousands of users.

The Redmond, Wash.-based company later confirmed that DDoS attacks were behind the outages. Microsoft said that a group it tracks as “Storm-1359” was behind the attacks, which several reports said is the same as the group known as Anonymous Sudan.

Microsoft did not specify how many customers were affected in the early June outage, leaving the full impact of the attacks unclear.