Microsoft has rebuffed the accusations from the self-styled hacktivist group “Anonymous Sudan,” which has claimed responsibility for infiltrating the tech giant’s servers and stealing the credentials of around 30 million users.
Anonymous Sudan has recently garnered attention for its crippling distributed denial-of-service (DDoS) attacks on Western organizations. It has proudly stated its alliance with pro-Russian cyber activists, including Killnet. In the previous month, Microsoft confessed that the service disruptions and downtime at the outset of June, affecting various services such as Azure, Outlook, and OneDrive, were indeed the handiwork of Anonymous Sudan.
A day ago, the cyber activist group claimed they had “successfully infiltrated Microsoft” and “gained entry to a vast database containing over 30 million Microsoft accounts, along with emails and passwords.” Anonymous Sudan has offered to trade this database for $50,000, encouraging prospective buyers to communicate with their Telegram bot to orchestrate the data’s purchase. The post also contained a sample of the supposedly stolen data from Microsoft as a testament to the breach and cautioned that Microsoft would refute these claims.
Anonymous Sudan supplied 100 sets of credentials, but the provenance of these details could not be validated – whether they were outdated, the fallout of a security breach at a third-party service provider, or indeed stolen from Microsoft’s systems.
In response to these allegations, BleepingComputer contacted Microsoft to inquire about the credibility of Anonymous Sudan’s claims. A company spokesperson categorically dismissed any insinuations of a data breach.
“At present, our evaluation of the data indicates that these claims are not substantiated and represent a conglomeration of data,” a company representative confided to BleepingComputer.
“We have found no proof to suggest that our customer data has been intruded or jeopardized,” stated the Microsoft spokesperson.
It remains to be seen whether Microsoft’s probe is finished or is still in progress. Furthermore, how the company will respond to the potential public exposure of the data is yet to be determined.