Hackers claim to have stolen data of 30 million Microsoft customer accounts
Hacking and denial-of-service group Anonymous Sudan claims that it has stolen data of 30 million Microsoft customer accounts. Microsoft has denied the claims.
The hacking group claimed earlier this month that it hacked Microsoft successfully and got its hands on a database that contained information of more than 30 million Microsoft accounts, including passwords.
The group posted the data for sale on a Telegram channel and is asking for $50,000 for the entire database. The post includes samples of the data, 100 credential pairs, but the data could not be linked to the alleged hack.
The group writes: "We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password".
Anonymous Sudan is asking potential buyers to contact their bot for negotiation. The group has been active since January 2023 according to a Flashpoint analysis. It ran distributed denial of service attacks against critical infrastructure targets in countries such as Sweden, Australia, Germany or Israel.
Bleeping Computer asked Microsoft for a statement and the company denied the data breach claims. Microsoft told Bleeping Computer that its analysis of the available data came to the conclusion that the claim was not legitimate and that the published data was an aggregation of data.
In other words: Microsoft claims that Anonymous Sudan created the data from past data sets that were leaked or breached. A Microsoft spokesperson told the site that it has not seen evidence that customer data was accessed or compromised.
Microsoft has two main options to verify the claims. It can either look at the data that was published publicly to determine its legitimacy, or it can run an analysis on its systems to find out if a breach occurred. Microsoft's initial reaction to the leak could have been posted to deter potential buyers.