Microsoft has denied claims made by a Russian hacking group that they were able access the company's servers and steal personal data of 30 million customers.
Last month, Microsoft published an article admitting that the company was a victim of a Distributed Denial-of-Service (DDoS) cyberattack. The attack took out most of the Microsoft's services including Teams, OneDrive, Office 365, Outlook and more for a number of hours. In the post, Microsoft confirmed while the attack was sophisticated, the company had found "no evidence that customer data has been accessed or compromised.”
However, on July 2 the Russian hackivist group, Anonymous Sudan posted on their Telegram channel claiming they were able to access Microsoft servers during the June attack and had data of over 30 million Microsoft customers. Anonymous Sudan had further asked buyers and interested parties to engage with the group's Telegram bot to purchase this data for $50,000. The group also shared a sample data that was claimed to have been stolen from Microsoft and noted that Microsoft will deny the data breach allegations.
In a statement given to the Bleeping Computer, a Microsoft spokesperson denied claims made by the hackivist group.
At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data.
We have seen no evidence that our customer data has been accessed or compromised
We are not sure if Microsoft plans to open an investigation into the claims made by the group. Microsoft has been facing issues lately maintaining many of its services. Last month, the company faced a major outage impacting Microsoft 365 Services. This was followed by an outage last week that impacted Outlook for Mac and was caused by Exchange Server connection failures as well as an outage that impacted Microsoft Teams worldwide.