Microsoft denies that 30 million customer accounts have been compromised

Outlook Client Hero
(Image credit: Future)

What you need to know

  • Office 365 services experienced disruptions last month due to a DDoS attack.
  • Microsoft identified Storm-1359 as the hacker group behind the hit, but Anonymous Sudan took credit via their Telegram channel.
  • The tech giant indicated that the attackers didn't access any customer data.
  • Anonymous Sudan recently indicated that it was able to compromise 30 million accounts that are on sale for $50,000.
  • Microsoft affirms that customer data is safe and secure.

Last month, we reported an attack affecting Microsoft's Office 365 services across Outlook, Microsoft Teams, SharePoint Online, OneDrive for Business, and Azure. The attack caused widespread disruptions peaking at over 18,000 users.

After looking into the matter, Microsoft discovered that the disruptions were caused by a Distributed Denial-of-Service (DDoS) attack. The company further disclosed that hacker group, Storm-1359 was behind the hit, though another group known as Anonymous Sudan took to their Telegram channel to announce that they were behind the attack, further citing that the outage lasted for close to one and a half hours.

At the time, Microsoft indicated that the attack was majorly a ploy by the group of attackers to gain popularity and cause disruptions. The company further added that the hackers weren't able to access customer data.

However, the hacker group Anonymous Sudan took to their Telegram channel on July 2, 2023, to announce that they had managed to breach, compromise and steal the personal data of 30 million customers, as seen over at Neowin.

Microsoft 365 Personal | From $70/year

Microsoft 365 Personal | From $70/year
Microsoft 365 Personal comes with the Office suite and 1TB of OneDrive storage. It allows you to work from several devices, including Windows, macOS, iOS, and Android. It also includes a long list of other apps and services, such as Editor, Microsoft Forms, and Microsoft Teams.

The group further indicated that the information they had allegedly accessed was up for sale at $50,000 to those interested. In their Telegram channel, the hackers shared tidbits of the information they had allegedly managed to access from the tech giant to make the deal more enticing. 

However, Microsoft has since refuted claims by the hacker group and issued the following statement while talking to the folks at BleepingComputer:

At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data. We have seen no evidence that our customer data has been accessed or compromised.

Microsoft Spokesman

To this end, it's not yet clear whether Microsoft will be looking into the matter closely. The hacker group deployed its attack on Microsoft's OSI layer 7 to cause the outage. The OSI layer 7 is a platform where apps like OneDrive and Outlook source network services.

Kevin Okemwa
Contributor

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. You'll also catch him occasionally contributing at iMore about Apple and AI. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.