Anonymous Sudan: Microsoft denies data leak of 30 million customer accounts

Sicherheit (Pexels, allgemeine Nutzung)[German]Was there a successful hack at Microsoft in which the group Anonymous Sudan was able to pull data from 30 million customer accounts? The group claimed this yesterday, but Microsoft consistently denies it, saying there is no proof. What is known, however, is that the Anonymous Sudan data group claimed an attack on the Microsoft cloud, and Microsoft confirmed that cloud service outages in recent weeks were due to DDoS attacks.


Advertising

Anonymous Sudan hacktivists have been active since January 2023, according to this website. A timeline of activities by the group, which is said to have ties to Russian hackers such as Killnet, can also be read there (and here). In June 2023, Microsoft's cloud services were experiencing outages on and off, and the group claimed this as a result of attacks.

I had reported on this in various blog posts (see links at the end of the article). Microsoft had not said anything about it for a long time. Then at the end of the day came confirmation from Microsoft about a successful attack (see Cloud outages: Microsoft reveals details of DDoS attack by Anonymous Sudan/Storm-1359).

Were hackers able to siphon off data?

Now the group Anonymous Sudan claims a successful hack of Microsoft and writes that they have access to a database with more than 30 million Microsoft accounts, email addresses and passwords.

Anonymous Sudan Microsoft Hack ...

The above tweet states that the group only wants $50,000 for the complete database. Colleagues at Bleeping Computer have published a screenshot of a Telegram post by the group where this is also claimed.


Advertising

The colleagues have taken up the issue in this article and write that the group is awaiting "offers from interested parties" to buy the database. The hacktivists' post even includes an example with data of hacked accounts, which they claim is proof of access to Microsoft customer accounts. These are records for 100 Microsoft accounts, but their origin could not be verified, according to Bleeping Computer.

It is probably old data that was stolen from Microsoft's systems after a cyber incident at a third-party vendor. However, Anonymous Sudan suggests that Microsoft would deny these claims of a successful hack with access to the database containing customer data.

Bleeping Computer then contacted Microsoft for a statement on the facts of the case and Anonymous Sudan's claims. A company spokesperson denied the group's claims regarding a captured database, saying:

We have seen no evidence that our customer data has been accessed or compromised.

Now there are effectively three possibilities: Microsoft is right and the hacktivists are just trolling. Or the hacktivists from Anonymous Sudan really have access to a database with Microsoft customer data. Or Microsoft's investigations into the hack are not yet complete – or Redmond still hasn't realized that they were successfully hacked. Now we have to wait and see how the story develops.

Similar articles
Exchange Online down for hours (June 5, 2023)
Outlook.com and OneDrive down – consequence of cyber attacks? (June 8, 2023)
Microsoft Azure outage (June 9, 2023); what's going on?
Microsoft's cloud outage was result of a DDoS attack
Cloud outages: Microsoft reveals details of DDoS attack by Anonymous Sudan/Storm-1359


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *