
Microsoft is categorically saying there has been no data breach, while Russian hacking group Anonymous Sudan claims it is selling data allegedly belonging to the Redmond, Washington-based technology corporation.

Last month, Microsoft confirmed that the service outages that affected its OneDrive web portals, Azure, and Outlook apps were a result of Layer 7 DDoS attacks. The company experienced these attacks on June 5. Anonymous Sudan recently announced that it had successfully hacked Microsoft and stolen a "large database" with over 30 million Microsoft accounts, passwords, and emails.

Microsoft, on the other hand, said it was investigating and tracking the DDoS campaign in its latest blog post. In the meantime, the database has gone up for sale carrying a price tag of $50,000 (about £39,400). The threat actor is inviting interested buyers to contact them via the Telegram bot to complete the transaction.

The group even proved the authenticity of its claims by sharing a data sample. Aside from this, Anonymous Sudan warned that Microsoft will probably deny losing the data. According to a BleepingComputer report, the data sample comprises 100 credential pairs.

However, details about the origin of the credentials are still few and far between. So, there is a possibility that the aforesaid credentials could be old, or acquired from a third party, rather than Microsoft itself. In a statement, Microsoft's spokesperson denied claims made by Anonymous Sudan.

"At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data," a Microsoft representative told BleepingComputer. It is unclear whether Microsoft's investigation is complete or is still ongoing. It will also be interesting to see how the company reacts to the potential public release of the data.

Why does this data breach matter?

Anonymous Sudan has been running a few successful attacks against Microsoft lately. The group was able to render some Microsoft services unavailable to users about a month ago. As a result, some users reported they were unable to access OneDrive. Anonymous Sudan took responsibility for the DDoS attack, calling the tech behemoth "liars."

"Microsoft, you think we forgot you? We are motivated to teach you liars a very good lesson in honesty that none of your parents ever taught you," the group allegedly said on Telegram. The group further stated, "Onedrive has been downed. Let's see your new excuse now."

Microsoft found that threat actor Storm-1359 launched multiple types of layer 7 DDoS attacks. Furthermore, it was discovered that the group used slowloris as well as cache bypass tactics, which force the frontend layer to direct requests to the origin instead of serving cached content.

Notably, slowloris is a type of DDoS attack that exploits the way web servers handle incoming connections, holding connections open so that the server's resources stay tied up. In an announcement, Microsoft said these "attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools."
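For defenders, the cache bypass pattern described above tends to show up in frontend logs as one client requesting the same path with constantly changing query strings, almost all of them served as cache misses. The sketch below is an added example, not code from Microsoft or from the original report; the log format, thresholds, and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log, assumed format: client_ip method url status cache_status
SAMPLE_LOG = "\n".join(
    # One client varying a throwaway parameter so every request misses the cache
    [f"203.0.113.7 GET /assets/logo.png?r={i:04x} 200 MISS" for i in range(6)]
    # A normal client: first request misses, repeats are served from cache
    + ["198.51.100.20 GET /assets/logo.png?v=3 200 MISS"]
    + ["198.51.100.20 GET /assets/logo.png?v=3 200 HIT"] * 5
    # A low-volume client paging through an API (too few requests to judge)
    + [f"198.51.100.21 GET /api/items?page={i} 200 MISS" for i in range(1, 4)]
)

def find_cache_bypass(log_text, min_requests=5,
                      min_unique_ratio=0.8, min_miss_ratio=0.8):
    """Return (ip, path, requests, miss_ratio) for suspected cache bypass."""
    stats = defaultdict(lambda: {"n": 0, "miss": 0, "queries": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, _method, url, _status, cache = line.split()
        parts = urlsplit(url)
        entry = stats[(ip, parts.path)]
        entry["n"] += 1
        entry["miss"] += cache == "MISS"
        entry["queries"].add(parts.query)

    findings = []
    for (ip, path), entry in sorted(stats.items()):
        if entry["n"] < min_requests:
            continue  # not enough traffic to draw a conclusion
        unique_ratio = len(entry["queries"]) / entry["n"]
        miss_ratio = entry["miss"] / entry["n"]
        # Many distinct query strings on one path, nearly all cache misses
        if unique_ratio >= min_unique_ratio and miss_ratio >= min_miss_ratio:
            findings.append((ip, path, entry["n"], round(miss_ratio, 2)))
    return findings

if __name__ == "__main__":
    for finding in find_cache_bypass(SAMPLE_LOG):
        print(finding)
```

Endpoints that are legitimately dynamic, such as search, will also produce unique queries and misses, so in practice the thresholds need tuning per path.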

Microsoft also states it has seen no evidence that customer data has either been accessed or compromised. Regardless, Anonymous Sudan, which describes itself as "hacktivists," is targeting government entities based in France, Denmark, and Sweden. The folks at TechRadar suggest Anonymous Sudan, which appears to be a pro-Russia group, is politically motivated.

People's reaction

Microsoft is not the only big company that's been subject to such attacks lately. For instance, more than 100,000 ChatGPT accounts were reportedly compromised and sold on the dark web last month. Understandably, large corporations are catching flak for failing to properly secure their systems.

However, some people have noticed that the asking price of the database is surprisingly low. Taking to the comments section of the BleepingComputer article, a reader noted that "$50K seems such a small amount for such valuable info." It looks like the group is "trying to steal a quick buck," the reader added.

According to a report by Fortune, this group is not just pro-Russia, but actually Russian. The report claims the group is a Russian information operation that uses its Islamic credentials to promote closer cooperation between Russia and the Islamic world. It is also worth noting that the group always claims "Russia is the Muslims' friend."