Microsoft has refuted the allegations of a data breach that allegedly leaked the personal data of 30 million customers. The company said that the data shared by a Russian hacking group was not authentic and was an aggregation of data.
The hacking group, Anonymous Sudan, claimed that they had hacked into Microsoft's servers during a massive Distributed Denial-of-Service (DDoS) attack that occurred in June.
The attack disrupted many of Microsoft's services, including Teams, OneDrive, Office 365, Outlook and more, for several hours. In a statement given to the Bleeping Computer, a Microsoft spokesperson said the hacker claims were false:
“At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data. We have seen no evidence that our customer data has been accessed or compromised.”
Anonymous Sudan posted on their Telegram channel that they had data of over 30 million Microsoft customers, including names, email addresses, phone numbers, passwords and credit card details. They asked interested buyers to contact their Telegram bot to purchase this data for $50,000. They also shared a sample of the data that they claimed to have stolen from Microsoft.
Recent Outage Led to DDoS Claims
However, Microsoft denied these claims and said that there was no evidence that customer data had been accessed or compromised during the attack. Microsoft's denial comes just a month after the company was reportedly hit by a Distributed Denial-of-Service (DDoS) attack. The attack took out most of Microsoft's services including Teams, OneDrive, Office 365, Outlook, and more for a number of hours.
Within an hour of detecting the attack, Microsoft was able to mitigate it and restore normal service operations. However, the company did not stop there. In addition, it took steps to prevent similar attacks in the future, and is working with law enforcement agencies to investigate the incident.
Microsoft expressed its regret for the inconvenience caused by the outage and thanked its customers for their patience and understanding. Furthermore, the company assured its users that their data and privacy were not compromised by the attack.
The DDoS attack on Microsoft is part of a larger trend of online platforms facing similar threats in recent years. DDoS attacks are becoming more frequent and sophisticated, posing a serious challenge to online security and reliability. Therefore, it is important for online service providers and users to adopt appropriate measures to protect themselves from such attacks.