Share this article on:
After a hack that successfully took down Microsoft’s OneDrive storage service last month, Anonymous Sudan now says it has the login credentials for 30 million Microsoft accounts.
Anonymous Sudan made the claim on its Telegram channel and is selling the full database of names, emails, and passwords for the sum of US$50,000. The group asks any potential buyers to contact them via their Telegram bot and even added a sample of 100 usernames and passwords, though the provenance of those credentials is unconfirmed.
According to Bleeping Computer, the sample data could come from a prior, third-party breach.
Microsoft has strenuously denied the claim.
“At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data,” Microsoft said in a statement to media. “We have seen no evidence that our customer data has been accessed or compromised.”
The latter comment mirrors what Microsoft said at the time of the attack on 16 June. According to Microsoft, the hack that took down OneDrive was a distributed denial-of-service (DDoS) attack, which began earlier in the month.
“Microsoft assessed that Storm-1359 has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures,” Microsoft said in a blog post. “Storm-1359 appears to be focused on disruption and publicity.”
Storm-1359 is Microsoft’s designation for Anonymous Sudan.
The group itself is not linked to the Anonymous hacktivist group but rather has links to the pro-Russian Killnet group of hackers.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.