Microsoft Denies Data Theft Claims Involving 30 Million Customer Data

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

A self-proclaimed hacktivist group known as ‘‘Anonymous Sudan’’ has claimed to have stolen credentials for millions of Microsoft customers by breaching the company’s servers. The Redmond-based software company on the other hand has categorically denied these claims.

Earlier this week, the group announced that it had successfully breached Microsoft’s network system and extracted a massive database having credentials of more than 30 million customers. The database which is now available for a going price of $50,000 includes information on Microsoft accounts, emails, and passwords. The group announced that interested parties can use their Telegram bot to contact and arrange a purchase of the database.

In the Telegram post, the group also posted a small sample of the allegedly stolen data to prove the authenticity of their hacking claims, in addition to warning readers that the incident would be refuted by Microsoft. The sample’s authenticity cannot be verified, for the time being.

In the aftermath of the post, Microsoft released a statement to various press outlets, where the spokesperson stated that the data was probably collected from sources other than the company. ‘’At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data. We have seen no evidence that our customer data has been accessed or compromised,’’ the spokesperson said.

In recent months, Anonymous Sudan which Microsoft tracks as ‘’Storm-1359’’ has been repeatedly targeting the company. Around a month ago, Microsoft announced having suffered DDoS attacks by the group which affected the service continuity of its Outlook, Azure cloud services, SharePoint Online, and OneDrive for Business products. At that time too, the company claimed that none of its customer data had been compromised.

For the time being, it cannot be confirmed whether Microsoft is investigating this incident any further or what would be its stance if Anonymous Sudan’s alleged claims prove to be true.

TSMC Refutes Ransomware Gang’s Claim as Third-Party Supplier Discloses Data Breach Attack

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Taiwan-based TSMC (Taiwan Semiconductor Manufacturing Company) in a statement denied the claims of being hacked by the infamous ransomware group, LockBit. World largest chipmaker found itself on the group’s leak site due to the breach suffered by one of its IT hardware suppliers.

Meanwhile, TSMC in a statement, shared with different media outlets, disclosed that they were not attacked, rather one of their outsourced hardware suppliers had suffered a LockBit hack. In the cybersecurity incident, Kinmax Technology found that data related to initial server setup and configuration had been compromised.

The company further went on to say that the incident had not affected its business operations, nor compromised any customer information. TSMC also disclosed that after confirming that none of its network system had been impacted, ‘immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures’’.

The impacted supplier, Kinmax released a statement on 29 June 2023, where it disclosed the cyberattack, ‘’In the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, [..] The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations. [..] The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future.’’

TSMC is said to be the largest player in the semiconductor market, worldwide. It employs more than 65,000 people with reported revenues of over $72 billion in 2022. The Taiwan-based Kinmax Technology is a systems integrator company that claims to partner with major companies like HPE, Cisco, Microsoft, VMware, Nvidia, RedHat, among others.