Microsoft Denies New Data Breach Claimed by Anonymous Sudan

A group that recently DDoS attacked Microsoft now claim they've stolen 30 million customer records. The tech giant disagrees.

A group of cybercriminals has claimed to have “successfully hacked” Microsoft and got their hands on 30 million accounts, just weeks after successfully causing several outages to Microsoft services via large-scale DDoS attacks.

Microsoft has strongly denied the claims made by the group – which goes by the name “Anonymous Sudan” – and has informed multiple news outlets that they see no evidence behind the claim that the group has customer emails, passwords, and usernames.

Although Microsoft has firmly denied the claims, it’s still an ominous reminder of the importance of using tools that facilitate the creation of complex, unique passwords, such as password managers, to minimize the impact of such attacks when they do occur.

Anonymous Sudan’s Claims Rebuffed By Microsoft

Anonymous Sudan recently posted on messaging app Telegram claiming they had 30 million Microsoft accounts, emails, and passwords for sale, valued at $50,000.

Along with the initial message, they also posted a warning that Microsoft would deny the claims of the breach, along with a sample of the data allegedly extracted from the tech giant’s systems.

Bleeping Computer, which has seen the sample provided by Anonymous Sudan, reports that the origin of the data could not be verified and suggested it could be from another breach, for example.

Microsoft has told a number of different news sources, including Cybernews, that they have reviewed the data and do not consider the group’s claim to be genuine, and further, that they have no reason to believe that any Microsoft account holder’s data has been compromised.

Microsoft’s New Nemesis?

DDoS (Distributed Denial of Service) attacks don’t tend to involve data being stolen, and instead, aim to disrupt, slow down, or take a service offline.

However, there are some prior examples of such attacks being orchestrated as a decoy to distract a company’s security team or use up a company’s cybersecurity resources while other attacks are carried out.

Some reports suggest the hacking group is Sudanese – as their name suggests – while others have speculated they may be based in the United Arab Emirates. Other sources, however, have suggested the group is backed by the Kremlin and actually based in Russia.

Remove Your Data From the Web

Incogni by Surfshark can help you reclaim your information from third-party vendors.

Although Microsoft seems very assured in this case that the group is simply fronting, recently, they did recently admit that the same group was behind a series of large-scale DDoS attacks at the beginning of June that took a number of Microsoft services offline.

Data Breaches: A Persistent Worry

Although this seems like a false alarm – at least according to Microsoft – groups like this pose an ever-present threat to businesses of all sizes. Major data breaches now occur on a weekly – and almost daily – basis and have been prevalent throughout the first half of 2023, facilitated by poorly configured security infrastructure, insider threats, and simple human errors that have opened the gates to attackers.

So common are leaks that it’s important to think not just about prevention, but also damage control. For business owners, it’s crucial staff are equipped with the knowledge and tech to help them create strong passwords, spot phishing attacks, and much more. 

Granted, breaches and leaks happen – but this will greatly decrease how much damage can be done by a single event, and may even reduce the immediate steps you’ll have to take to reseal your company’s security perimeter.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Aaron Drapkin is Tech.co's Content Manager. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol six years ago. Aaron's focus areas include VPNs, cybersecurity, AI and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, Lifewire, HR News and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals