Microsoft disputes claims that members of Anonymous Sudan penetrated the company's internal servers, capturing the login credentials of 30 million accounts. The U.S. hardware and software company does confirm that the hacker group has attacked Microsoft in the recent past.
This is what a company spokesperson tells BleepingComputer when asked (1)
Last month, Microsoft was the target of a large-scale DDoS attack. In the process, several services suffered severe outages, including Azure, Outlook, Teams and OneDrive. By its own admission, there was no evidence that customer data had been accessed or captured.
Investigations revealed that Anonymous Sudan, also better known as Storm-1359, was behind these attacks. Microsoft has been tracking this group of hacktivists for some time, and according to the hardware and software company, they have carried out several large-scale DDoS attacks against Western agencies in recent months.
Last weekend, Anonymous Sudan posted a message on Telegram. In it, the hacktivists claimed they had managed to hack Microsoft. In the process, they had reportedly stolen a large database that contained login information for more than 30 million Microsoft accounts. For $50,000, interested parties could buy the dataset of usernames, e-mail addresses and passwords.
To bolster their words, Anonymous Sudan added a data sample to the message. However, the origin of this data could not be determined with certainty. Possibly it was stolen from Microsoft, but for the same money it is old data stolen from a third party in the past.
BleepingComputer contacted Microsoft and asked to what extent it was true that Anonymous Sudan had stolen the login credentials of more than 30 million Microsoft accounts. A company spokesman denied the hacker group's claims.
"At this time, our analysis of the data shows that this is not a legitimate claim and is an aggregation of data. We have seen no evidence that our customer data has been accessed or compromised," the spokesperson said.
It is unclear if Microsoft has currently completed its investigation into the DDoS attack and possible data theft, or if it is still ongoing.
https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/
