Microsoft Denies Hacktivist Group’s Allegations of Breaching 30 Million Accounts

Reading Time: ( Word Count: )

July 5, 2023

Microsoft has rebuffed the accusations from the self-styled hacktivist group “Anonymous Sudan,” which has claimed responsibility for infiltrating the tech giant’s servers and stealing the credentials of around 30 million users.

Anonymous Sudan has recently garnered attention for its crippling distributed denial-of-service (DDoS) attacks on Western organizations. It has proudly stated its alliance with pro-Russian cyber activists, including Killnet. In the previous month, Microsoft confessed that the service disruptions and downtime at the outset of June, affecting various services such as Azure, Outlook, and OneDrive, were indeed the handiwork of Anonymous Sudan.

A day ago, the cyber activist group claimed they had “successfully infiltrated Microsoft” and “gained entry to a vast database containing over 30 million Microsoft accounts, along with emails and passwords.” Anonymous Sudan has offered to trade this database for $50,000, encouraging prospective buyers to communicate with their Telegram bot to orchestrate the data’s purchase. The post also contained a sample of the supposedly stolen data from Microsoft as a testament to the breach and cautioned that Microsoft would refute these claims.

Also Read: “Samsung and D-Link Under Cyber Threat: Eight New Vulnerabilities Detected by CISA”

Microsoft accounts,

Anonymous Sudan supplied 100 sets of credentials, but the provenance of these details could not be validated – whether they were outdated, the fallout of a security breach at a third-party service provider, or indeed stolen from Microsoft’s systems.

In response to these allegations, BleepingComputer contacted Microsoft to inquire about the credibility of Anonymous Sudan’s claims. A company spokesperson categorically dismissed any insinuations of a data breach.

“At present, our evaluation of the data indicates that these claims are not substantiated and represent a conglomeration of data,” a company representative confided to BleepingComputer.

“We have found no proof to suggest that our customer data has been intruded or jeopardized,” stated the Microsoft spokesperson.

It remains to be seen whether Microsoft’s probe is finished or is still in progress. Furthermore, how the company will respond to the potential public exposure of the data is yet to be determined.

Lucas Maes

Lucas Maes


Cybersecurity guru, encryption wizard, safeguarding data with 10+ yrs of IT defense expertise. Speaker & author on digital protection.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...

Submit a Comment

Your email address will not be published. Required fields are marked *