Incidents – Information Security Newspaper | Hacking News (https://www.securitynewspaper.com), feed updated Thu, 26 Oct 2023 00:55:53 +0000

Redcliffe Labs, India’s Medical Diagnostic Company leaks 7 TB of customer data. Will it pay 250 crore fine?
https://www.securitynewspaper.com/2023/10/25/redcliffe-labs-indias-medical-diagnostic-company-leaks-7-tb-of-customer-data-will-it-pay-250-crore-fine/ (Thu, 26 Oct 2023 00:55:50 +0000)

Redcliffe Labs is one of the most comprehensive testing facilities in India, providing more than 3,600 different diagnostic tests for illness and wellbeing. Users of its mobile application can receive medical diagnostic services at home, at medical facilities, or over the internet. These services include in-home full-body examinations, blood testing, diabetes testing, joint care, vitamin testing, and specialised testing for cancer, genetics, HIV, pregnancy, and a wide variety of other conditions. Redcliffe Labs also advertises free sample collection and a consultation with a medical professional as part of its service. According to its website, it has 2.5 million clients. Jeremiah Fowler, a cybersecurity researcher, discovered a database that was not secured by a password and held over 12 million records, and reported the finding to WebsitePlanet. These records included medical diagnostic scans, test results, and other potentially sensitive medical information.

The database held an enormous quantity of medical test results, which included the names of patients and physicians and other sensitive health information, such as where the testing sample was taken (at home or at a medical institution), amongst a broad variety of other data. There were 12,347,297 records in total, with a combined size of 7 terabytes (TB). Further research showed that the documents carried a watermark indicating that they belonged to a corporation based in India known as Redcliffe Labs. I did not waste any time in sending a responsible disclosure notification, and I was promptly rewarded with a response that acknowledged my finding and thanked me for my efforts. It is unknown how long the information was available to the public, or whether any unauthorised persons viewed the supposed health records before public access was restricted, which happened the same day. The database also included a folder labelled “test results” that held more than six million PDF documents. This may indicate either that a much larger number of consumers were affected or that the same customers had repeated tests.

The Digital Personal Data Protection Act, 2023 (DPDP Act) is a broad new privacy law that was passed in India in August 2023. It is India’s first all-encompassing data protection legislation; it addresses a broad variety of data-related concerns and applies to any business that operates inside India or whose clients are located in India.

Under the DPDP Act, companies that have experienced a data breach must notify the relevant authorities, as well as the people whose personal information was compromised, within 72 hours of the breach being identified and validated. The Act also provides for monetary fines on businesses that do not adhere to the new standards. The fines range from INR 10,000 (roughly USD 120) to INR 250 crore (roughly USD 30.2 million).

As of the time of publication, it is unknown whether Redcliffe Labs has informed the appropriate authorities or the people who might be affected by the exposure. The database held 12,347,297 entries with a total size of seven terabytes, broken down as follows.

Reports: 1,180,000 objects with a total size of 620.5 gigabytes. These, too, were test results, and the reports appeared to be in their most basic form, without a header logo.

Intelligent Report Archiving: 1,164,000 items with a combined size of 1.5 terabytes. These reports presented the test findings in an infographic format.

“Test results” folder: 6,090,852 items with a combined size of 2.2 terabytes.

Various other folders, each holding files that are not password protected: 3,912,445 items with a combined size of 2.7 gigabytes. These folders included .PDF files, internal company documents, logging data, mobile application development files, and other file types.

The database not only housed millions of medical records but also held the development files for the company’s mobile application. Leaving application files open to the public creates a serious risk if they fall into the wrong hands. These files may control the functionality of the application and the data sent from the user to the host server. Malicious actors could potentially use them to carry out a variety of attacks that could jeopardise users’ data, the operation of the application, or the security of the mobile device itself.

Alteration of the application’s source code files is one of the most significant potential threats. The files could be modified to incorporate malicious code execution, allowing attackers to undermine the app’s integrity and security, inject malware, or add features without authorisation. Once the code has been altered, malicious actors could steal or gain access to a patient’s confidential data, which may include test results, scans, or other sensitive information. If attackers obtained a user’s health and medical testing information, this could lead to major violations of the user’s privacy. In addition, accessible code or resource files could theoretically be used for reverse engineering, analysis, or decompilation of the application to gain insight into how the programme operates, which may lead to the discovery of further vulnerabilities and weaknesses that could be exploited later.

How MGM Resorts lost $100 million as a result of a simple vishing call
https://www.securitynewspaper.com/2023/10/06/how-mgm-resorts-lost-100-million-as-a-result-of-a-simple-vishing-call/ (Fri, 06 Oct 2023 17:19:35 +0000)

Cyberattack on MGM Resorts: A Financial Debacle

MGM Resorts encountered a devastating cyberattack recently, incurring an approximate financial setback of $100 million. Unveiled on September 11, this digital attack led to the temporary shutdown of multiple systems within MGM’s various properties, disrupting operations and inflicting significant monetary losses.

Details of the Attack

The digital onslaught on MGM Resorts wasn’t confined to a single property but spread across its flagship resort and other prestigious properties like Mandalay Bay, Bellagio, The Cosmopolitan, and Aria. The cybercriminals managed to disrupt a range of operations, from the functioning of slot machines and the systems overseeing restaurant management to the technology behind room key cards. Despite the containment efforts by MGM, the attackers successfully exfiltrated a diverse set of customer data, including but not limited to names, addresses, phone numbers, driver’s license numbers, Social Security numbers, and passport details. Fortunately, credit card details remained secure and unaffected.

Economic Fallout

The cyber intrusion had a profound economic impact on MGM Resorts, with losses estimated around $100 million. This financial blow is anticipated to ripple through the earnings of the third and fourth fiscal quarters. However, MGM remains optimistic, projecting a 93% occupancy rate in October and planning for a complete operational recovery in Las Vegas by November. Expenses related to the cyberattack, including consultancy fees, legal services, and other related costs, amounted to less than $10 million.

Compromise of Customer Data

A vast array of customer data, from Social Security numbers to passport details, was pilfered during the cyber attack. The total count of individuals affected by this breach remains uncertain as MGM has not issued any comments on this matter. Proactive measures have been initiated by MGM Resorts to assist the victims of this data breach, including the establishment of dedicated phone lines and informational websites. The company also intends to reach out to the affected individuals via email, extending offers for identity protection services.

Identity of the Attackers

Initially, the cyberattack was attributed to hackers affiliated with a group known as Scattered Spider. This group later joined forces with a Russian ransomware collective known as Black Cat/AlphV. Scattered Spider has a notorious reputation, being implicated in several major cyberattacks over the past year, targeting entities like Reddit, Riot Games, Coinbase, and even another major player in the casino industry, Caesars Entertainment.

Recovery and Response

In response to the cyberattack, MGM Resorts took immediate action by shutting down all its systems to thwart further unauthorized access to customer data. Since these initial countermeasures, the company’s domestic properties have seen a return to normalcy in operations, with the majority of systems that interact with guests being restored. Efforts are ongoing to bring the remaining affected systems back online, with full restoration anticipated in the near future.

Conclusion and Future Implications

The cyberattack experienced by MGM Resorts highlights the substantial risks and potential financial damages associated with digital security breaches in the hospitality sector. With the compromise of sensitive customer information and the incurrence of hefty financial losses, this incident serves as a stark reminder for all businesses in the industry to bolster their cybersecurity infrastructure to safeguard against future digital threats. The episode underscores the imperative for continuous investments in state-of-the-art cybersecurity mechanisms and protocols to preemptively mitigate the risks of future cyber-attacks and protect sensitive customer data.

Microsoft AI team leaks 38 GB of confidential data, including employees disk backup
https://www.securitynewspaper.com/2023/09/18/microsoft-ai-team-leaks-38-gb-of-confidential-data-including-employees-disk-backup/ (Mon, 18 Sep 2023 20:17:27 +0000)

Recent events have shown that Microsoft’s artificial intelligence (AI) research branch suffered a serious data exposure. An incorrectly configured Azure storage account led to the disclosure of 38 gigabytes of confidential internal Microsoft data, as discovered by the cybersecurity company Wiz.

The exposure happened when Microsoft researchers shared open-source AI training data on GitHub. The repository gave users a URL to retrieve the data from an Azure storage account. However, the access token included in the GitHub repository carried an excessively broad set of permissions: it granted read-and-write access to the whole storage account, not just the data that was meant to be shared.

Wiz found that this account contained 38 terabytes of confidential Microsoft data, including:

Backups of the machines used by employees, which may include passwords, secret keys, and internal communications sent via Microsoft Teams.

Over 30,000 private messages sent by 359 Microsoft workers over the Microsoft Teams platform.

The underlying problem was that Azure Shared Access Signature (SAS) tokens were used without their permissions being properly scoped. SAS tokens allow access to Azure storage accounts to be controlled at a fine grain, but if they are configured incorrectly they can grant far more permissions than intended. The Wiz team describes a SAS token as a signed URL that provides access to Azure Storage data, as documented on the Azure website. The user chooses the access level: permissions can range from read-only to full control, and the scope can be a single file, a container, or the whole storage account.

Additionally, the user has total control over the expiration time, giving them the ability to generate access tokens that never expire.

Instead of providing read-only access to the storage account, the token in this instance granted full control over the account’s contents. In addition, it had no expiration date, so access would have been granted indefinitely. The Wiz Research Team added: “As a result of a deficiency in monitoring and control, SAS tokens provide a potential threat to data security; hence, their use should be restricted to the greatest extent feasible. Because Microsoft does not provide a centralized method to handle these tokens inside the Azure interface, keeping track of them may be an extremely difficult task. In addition, the duration of these tokens may be customized to practically endure forever, and there is no maximum age at which they can be used. Consequently, it is not a secure practice to use Account SAS tokens for external sharing, and users should refrain from doing so.”

Because of this lack of control, Wiz suggests restricting how account-level SAS tokens may be used. Separate storage accounts should be used for all external sharing, and shared data should be subject to appropriate monitoring and security evaluations.
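The scoping problems described above (permissions beyond read, account-wide scope, no expiry) can be checked mechanically from the query parameters of a SAS URL before it is published in a repository. The script below is an added example, not code from the article, from Wiz or from Microsoft. It relies only on the documented SAS query parameter names (sp for permissions, srt for the resource types of an account SAS, sr for the resource of a service SAS, se for expiry, si for a stored access policy, sig for the signature); the two sample URLs, the placeholder signature and the audit time are constructed for the example.

```python
"""Audit Azure Shared Access Signature (SAS) URLs for over-broad scope.

Added example, not code from the article or from Wiz/Microsoft. It inspects
the documented SAS query parameters: sp (permissions), srt (resource types,
present only on an account-level SAS), sr (resource of a service SAS),
se (expiry), si (stored access policy) and sig (signature).
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

# Permission letters that allow modifying data: write, delete, add, create, update.
MUTATING_PERMS = set("wdacu")

# Constructed audit time used by the examples below (not a real event time).
NOW = datetime(2023, 9, 18, tzinfo=timezone.utc)

# Constructed sample: an account SAS (srt present) with read/write/delete/list
# permissions and a far-future expiry, the shape of token the article describes.
OVERBROAD_SAS = (
    "https://example.blob.core.windows.net/"
    "?sv=2020-08-04&ss=b&srt=sco&sp=rwdlac&se=2050-01-01T00:00:00Z&sig=PLACEHOLDER"
)

# Constructed sample: a service SAS on one blob (sr=b), read-only, expiring in a week.
SCOPED_SAS = (
    "https://example.blob.core.windows.net/public-data/train.zip"
    "?sv=2020-08-04&sr=b&sp=r&se=2023-09-25T00:00:00Z&sig=PLACEHOLDER"
)


def parse_expiry(value):
    """Parse the SAS 'se' value (ISO 8601, e.g. 2023-09-25T00:00:00Z) as an aware datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:  # date-only values such as 2023-09-25 parse as naive
        dt = dt.replace(tzinfo=timezone.utc)
    return dt


def audit_sas_url(url, now=NOW, max_lifetime=timedelta(days=7)):
    """Return a list of finding codes for a SAS URL; an empty list means nothing flagged."""
    query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if "sig" not in query:
        return ["not-a-sas-url"]

    findings = []
    perms = set(query.get("sp", ""))
    if perms & MUTATING_PERMS:
        findings.append("mutating-permissions")  # more than read-only access
    if "l" in perms:
        findings.append("list-permission")  # lets the holder enumerate contents

    if "srt" in query:
        findings.append("account-scope")  # account SAS: covers the whole storage account
    elif query.get("sr") == "c":
        findings.append("container-scope")  # service SAS over a whole container

    if "se" in query:
        remaining = parse_expiry(query["se"]) - now
        if remaining < timedelta(0):
            findings.append("expired")
        elif remaining > max_lifetime:
            findings.append("long-lived")
    elif "si" not in query:
        # No expiry in the token and no stored access policy that could supply one.
        findings.append("no-expiry")
    return findings


if __name__ == "__main__":
    for name, url in (("over-broad", OVERBROAD_SAS), ("scoped", SCOPED_SAS)):
        print(name, audit_sas_url(url) or ["ok"])
```

The over-broad sample is flagged on four counts (mutating permissions, list permission, account scope, long-lived), while the read-only single-blob sample passes clean. Two caveats: a token that carries `si` takes its permissions and expiry from a stored access policy on the container, so they cannot be judged from the URL alone; and a clean result only means the token is narrow, not that the data behind it should be shared at all.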

Since then, Microsoft has invalidated the exposed SAS token and carried out an internal evaluation of the damage it may have. Additionally, an acknowledgment of the occurrence can be found in a recent blog post written by the corporation.

As more of an organization’s engineers work with enormous volumes of training data, this story illustrates the additional risks businesses face as they begin to use artificial intelligence more broadly. The enormous volumes of data that data scientists and engineers handle need extra security checks and precautions as they race to get innovative AI solutions into production as quickly as possible.

Two world’s biggest telescopes hacked by Ransomware attack
https://www.securitynewspaper.com/2023/09/04/two-worlds-biggest-telescopes-hacked-by-ransomware-attack/ (Tue, 05 Sep 2023 00:30:25 +0000)

Several telescopes are still down weeks after a cybersecurity attack was discovered by US National Science Foundation (NSF) researchers. There is presently no information available on when the Gemini North telescope in Hawaii and the Gemini South telescope in Chile will resume operations. A number of smaller telescopes on the slopes of Cerro Tololo in Chile were also shut down “out of an abundance of caution”.

The IT team at the National Science Foundation’s NOIRLab discovered suspicious behavior in the laboratory’s computer systems early on the morning of August 1. This led to the decision to temporarily halt activities at the huge optical infrared telescopes located on Hawaii’s Maunakea for the sake of safety.

The ‘double’ telescope in the southern Andes of Chile was already being prepared for maintenance and required little additional work.

Even though it is unclear what kind of threat, if any, the telescopes themselves were exposed to, the incident is a reminder that scientific research is an expensive endeavour, with astronomical research facilities requiring yearly budgets that can easily reach into the millions of dollars.

Each day the facilities are unavailable to researchers carries a cost for the scientific community, not just monetarily but also in terms of lost data.

Because astronomical studies sometimes need observations to be precisely scheduled, disruptions like this can derail whole research efforts if enough important observation windows are missed.

Even though this is one of the first ransomware intrusions on a scientific research institution, hacks against astronomical facilities aren’t exactly unheard of.

Hackers gained access to the Atacama Large Millimeter Array Observatory in Chile through a virtual private network in October 2022, which resulted in the facility being forced to shut down for many months at a cost of around US$250,000 per day.

It is assumed that the purpose of the “particularly sophisticated” hack had been to extract money from the observatory’s consortium of operators. This is consistent with the suspicion that the intrusion was a ransomware attempt.

In its most recent statement, the lab said that it was “continuing its efforts to diligently investigate and resolve the cybersecurity incident that occurred on its computer systems on August 1st.”

Many helpful resources, such as the Gemini.edu website, were unavailable to scientists and amateurs as a result of the incident.

“Our team is collaborating with cybersecurity specialists to quickly restore internet access to all affected telescopes and our website, and we are pleased with the results thus far. We are unhappy that several of our telescopes are not now watching, as is the whole astronomical community,” according to NOIRLab.

Because the notional launch date was set for August 31, the Lab was compelled to postpone the Gemini Call for Proposals for the semester beginning on February 1 of the following year.

“We continue to make data available via our website because we think that open access and information sharing are essential for good scientific cooperation,” the Lab states. “We are constrained in what we can reveal about our cybersecurity measures and investigative results since our investigation into this issue is continuing.”

Several years earlier, an unauthorised Raspberry Pi connected to computers at NASA’s Jet Propulsion Laboratory enabled unlawful access to the Deep Space Network. As a result, the Johnson Space Center withdrew its own mission systems from the gateway entirely.

More money will be required to safeguard the information technology at the centre of the scientific infrastructure for researching the universe, as projects grow in scope, complexity and size, and as attacks become more sophisticated.

Forever 21, fashion company hacked, customer personal data leaked
https://www.securitynewspaper.com/2023/08/31/forever-21-fashion-company-hacked-customer-personal-data-leaked/ (Thu, 31 Aug 2023 22:31:15 +0000)

After the American fashion retailer announced that it had experienced a data breach at some of its locations, Forever 21 is advising consumers to keep a careful eye on their credit card bills.

Forever 21 disclosed, in a short statement that was published on the company’s website, that it had obtained information from a third party indicating that the company’s security may have been breached. There are around 500 physical sites of Forever 21, in addition to an online shop. After a large-scale theft of credit card details from its shop point-of-sale equipment in 2017, this is the second data breach that has occurred in recent years for the company.

After further examination, it was discovered that despite the fact that the firm had implemented encryption and enhanced security measures in 2015 in response to a string of attacks against other shops, “certain point of sale devices in some Forever 21 stores were affected” because encryption “was not in operation.”

According to the firm, it is currently collecting evidence, and it is too soon to release further information, including which specific locations may have been compromised and the time periods during which consumers may have been placed at risk. In 2008, the United States Department of Justice brought charges against a group of individuals responsible for stealing the credit card information of hundreds of millions of customers from large stores such as TJ Maxx, Barnes & Noble, Boston Market, and Forever 21.

According to the notification, Forever 21 alerted 539,207 persons that the data breach included their name, date of birth, bank account number, and Social Security number, as well as information about workers’ Forever21 health plan, including enrollment and premiums paid.

Forever 21 did not provide any further details on the issue beyond the fact that one of its computer systems had been compromised, but the company did say that “Forever 21 has taken steps to help assure that the unauthorized third party no longer has access to the data.” It is not clear how Forever 21 came to have that assurance. Because of the notice’s unclear phrasing, it is possible to infer that the corporation paid the hacker in return for the data being deleted.

How $400 toolkit EvilProxy was used to send 120k phishing emails to hundreds of companies
https://www.securitynewspaper.com/2023/08/09/how-400-toolkit-evilproxy-was-used-to-send-120k-phishing-emails-to-hundreds-of-companies/ (Wed, 09 Aug 2023 22:15:33 +0000)

Researchers have discovered that malicious actors have been utilizing the phishing toolkit EvilProxy to gain control of cloud-based Microsoft 365 accounts belonging to leaders at well-known firms. These accounts are used to access sensitive company data.

According to a study on the events that was published on Wednesday by the cybersecurity company Proofpoint, the attacks demonstrated both the ubiquity of pre-packaged phishing-as-a-service toolkits as well as the increasing bypassing of multi-factor authentication in order to get access to accounts.

EvilProxy was used to send 120,000 phishing emails to more than a hundred different companies in an attempt to obtain Microsoft 365 credentials. In the last five months, Proofpoint has seen a concerning increase in the number of successful compromises of cloud account credentials. The vast majority of the attacks were directed against high-ranking officials. According to the researchers’ estimates, the campaign targeted more than one hundred firms throughout the world, with a total of one and a half million workers.

Around 39% of the victims were C-level executives, 17% of whom were Chief Financial Officers and 9% of whom were Presidents and CEOs.

At least 35 percent of all users whose accounts were compromised in the previous year had MFA activated, which the researchers described as a substantial rise in account takeovers among tenants that had MFA protection.

Threat actors operating at a very large scale relied heavily on brand impersonation, evasion strategies, and a multi-step infection chain (they redirected traffic through open, legitimate redirectors).

Researchers from ReSecurity came across the Phishing-as-a-Service (PhaaS) platform known as EvilProxy in September 2022. The service was offered on the Dark Web. According to some reports, its alternate moniker is Moloch, which may be linked to a phishing kit built by a number of well-known underground players who previously attacked financial institutions and the e-commerce industry. As of the autumn of last year, the bundle could be purchased anonymously on the dark web for four hundred dollars.

According to experts, EvilProxy actors circumvent two-factor authentication by using reverse proxy and cookie injection techniques, which allow them to proxy the victim’s session. That these approaches have now been effectively productized in EvilProxy underlines how significant this development is for attacks against online services and MFA authorization systems. In the past, similar tactics had only been observed in the targeted campaigns of APT and cyberespionage organizations.

Mattress Company Sealy shuts down IT systems and production plant after a big hack
https://www.securitynewspaper.com/2023/07/31/mattress-company-sealy-shuts-down-it-systems-and-production-plant-after-a-big-hack/ (Tue, 01 Aug 2023 00:32:20 +0000)

Due to a “cybersecurity event” that occurred on July 23, Tempur Sealy International was forced to shut down some of its information technology infrastructure. The corporation said that its activities experienced a “temporary interruption” as a result of the shutdown.

Tempur Sealy has sought the advice of legal counsel, a cybersecurity forensic company, and other incident response specialists, and has also notified the relevant law enforcement authorities.

Several Tempur Sealy shops contacted Furniture Today to report that they had been unable to place orders and that they had not received shipments.

Tempur Sealy has said, in an 8-K document filed with the United States Securities and Exchange Commission, that it is in the process of getting its “critical IT systems back online and has resumed operations.” Under the new regulations issued by the SEC, publicly listed corporations have just four days to disclose any breaches that may have an effect on their financial performance.

According to the filing, “The forensic investigation continues,” and the firm is “continuing to work to determine whether this incident will have a material impact on its business, operations, or financial results.” It adds: “Should it become clear that any personal information was compromised, the company will make every effort to fulfill any reporting obligations that it may be required to fulfill in accordance with such information by virtue of the applicable law.”

Kenya to only grant visas on arrival after online visa system hacked
https://www.securitynewspaper.com/2023/07/27/kenya-to-only-grant-visas-on-arrival-after-online-visa-system-hacked/ (Thu, 27 Jul 2023 20:56:25 +0000)

Following the failure of an online application platform that made the majority of government services unavailable, Kenya said on Thursday that it will begin granting visas upon arrival to all travelers. The problem on the e-citizen site, which offers more than 5,000 government services including e-visas, was believed to be the consequence of hacking; nevertheless, authorities said that no data had been lost as a result of the event. While the platform is being fixed, the government will accept visa applications upon arrival, according to a note verbale sent on Thursday to diplomatic missions and international organizations throughout the world.

In a letter sent out on Thursday by the Ministry of Foreign and Diaspora Affairs, it was stated that “There is currently a challenge in the Government e-citizen platform. Therefore, travelers will be awarded visas upon arrival at all entry ports in Kenya, regardless of where they enter the country. Additionally, the administration wants to notify any and all airlines that have passengers on board who are going to Kenya,” the statement read. The e-visa portal will still accept applications; however, these must be accompanied by the appropriate supporting documents in order to validate entry.

Because each application will now be assessed on the spot, the introduction of visas on arrival for all travelers may lead to longer wait times at airport border clearance offices. The government had earlier explained that the downtime on the eCitizen portal was caused by “hackers attempting to jam the portal through an overload of data requests,” ICT Cabinet Secretary Eliud Owalo said.

A group that goes by the name Anonymous Sudan has taken responsibility for the attack, claiming that they carried it out as a form of protest against Kenya’s purported intervention in the internal affairs of Sudan.

According to the statement, the group has also targeted mobile money transfer platforms, electronic banking systems, and other electronic services, including those of the utility company Kenya Power. Customers of Kenya Power and some banks were informed of a system outage, but no information about hacking was provided.

“A cyber-attack was launched against the eCitizen platform; however, no data was obtained or lost as a result of the assault. We are addressing that, and we are not just coming up with instant remedial measures to address the current situation, but we are also ensuring that we build an elaborate risk mitigation framework,” the CS stated on Spice FM. “In this particular instance, they attempted to jam the system by making a greater number of requests into the system than is typical, which resulted in the system’s performance becoming more sluggish.”

Clop ransomware hacked DHL, summing up 20 million victims & profit of $100 million via MOVEit
https://www.securitynewspaper.com/2023/07/21/clop-ransomware-hacked-dhl-summing-up-20-million-victims-profit-of-100-million-via-moveit/
Fri, 21 Jul 2023 22:44:43 +0000

It is thought that tens of thousands, if not hundreds of thousands, of employees were impacted by a cyberattack that took place in June 2023. The attack exploited a flaw in MOVEit, a file transfer program distributed by Progress Software, in order to gain access to the IT systems of businesses.

Zellis, a firm that provides payroll services to corporations in the UK, including British Airways (BA), the BBC, Boots, and DHL, is one of the organizations affected. As a direct consequence of the cyberattack on Zellis, the personally identifiable information of current and former workers of BA, the BBC, Boots, and DHL was obtained. Zellis has published a statement confirming that it has been the victim of a data breach affecting some of its clients. Since then, British Airways, the BBC, Boots, and DHL have all notified the current and former employees whose personal information was compromised.

The following data were part of the breach:

In the case of DHL, this includes the workers’ DHL payroll number, first name, last name, date of birth, National Insurance Number, first line of address, employment start date and, for leavers, employment finish date.

The fact that this cyber-attack is quite similar to others carried out by the infamous Russian ransomware gang Cl0p (Clop) has led information security experts to conclude that the group is responsible for the attack. Additionally, Clop has published a notice on its darknet website stating that it exploited vulnerabilities in the MOVEit software in order to steal data from “hundreds of companies.” The group told the affected organizations to get in touch in order to negotiate a ransom payment, or else it would begin publishing the stolen material. Since the deadline passed, Clop has begun publicly naming corporations and exposing data stolen from them. To date, it does not appear to have named Zellis, BA, the BBC, Boots, or DHL.

Researchers from Emsisoft have been keeping track of the number of firms implicated. They have found that at least 383 organizations have been impacted and, as a consequence, the information of 20,421,414 individuals has been compromised.

This week, many organizations in Maine confirmed that their data was exposed via MOVEit by filing documentation with the state’s regulatory authorities. Some banks and other financial institutions have reported that hundreds of thousands of their clients were affected, while other, more prominent firms have confirmed breaches with fewer individuals affected.

Only a small number of the victims whose data was stolen via MOVEit are expected to pay a ransom, according to estimates provided by Coveware. In spite of this, Clop is still anticipated to collect a staggering $75–100 million from these payments alone, which is not surprising considering the enormous ransom demands.

According to Coveware, “it is likely that the CloP group may earn between $75 and $100 million dollars just from the MOVEit campaign,” with that total coming from only a small number of victims that succumbed to extremely expensive payments.

With thousands of cybersecurity employees, Microsoft still doesn’t know how it got hacked
https://www.securitynewspaper.com/2023/07/17/with-thousands-of-cybersecurity-employees-microsoft-still-doesnt-know-how-it-got-hacked/
Mon, 17 Jul 2023 20:28:17 +0000

Microsoft still does not know how China-backed hackers obtained a key that allowed them to covertly access dozens of email inboxes, including those belonging to various federal government organizations, and the company has so far declined to share details. Microsoft announced the event on the previous Tuesday and attributed the activity, which took place during the previous month, to a newly identified espionage group that it calls Storm-0558. The company believes this group has significant ties to China. The United States Cybersecurity and Infrastructure Security Agency (CISA) said that the breaches started in mid-May and involved a limited number of government accounts, reportedly in the single digits. The agency also stated that the hackers stole some unclassified email data. On Wednesday, the senior spokeswoman for China’s Ministry of Foreign Affairs rejected the accusations, even though the United States government has not formally attributed the hacking to China.

Rather than breaking into individual Microsoft-powered email servers to take business data, as China-linked groups have done in the past, this hacking group went straight to the source, targeting new and previously unreported weaknesses in Microsoft’s cloud.

Microsoft said in a blog post that the hackers were able to obtain one of the company’s consumer signing keys, known as an MSA key. Microsoft uses these keys to protect consumer email accounts, such as those used to access Outlook.com. Microsoft said that it initially believed the hackers were forging authentication tokens using a stolen enterprise signing key, the kind used to protect corporate and enterprise email accounts. However, Microsoft discovered that the hackers were using the consumer MSA key to forge tokens that let them into enterprise inboxes.

Microsoft has said that it has blocked “all actor activity” related to this event, which may indicate that the attack is over and that the hackers have lost access. Even though it remains unclear how Microsoft lost control of its own keys, the corporation has said that it has tightened its key issuance processes, most likely to prevent hackers from producing another digital skeleton key.

The hackers made one important mistake. Because they had used the same key to access many inboxes, Microsoft said its investigators were able “to see all actor access requests which followed this pattern across both our enterprise and consumer systems.”

Although Microsoft’s extended disclosure offered more technical details and indicators of compromise that incident responders can use to check whether their networks were targeted, the technology giant still has questions to answer.

Shutterfly photography and image sharing company hacked by ransomware
https://www.securitynewspaper.com/2023/07/14/shutterfly-photography-and-image-sharing-company-hacked-by-ransomware/
Fri, 14 Jul 2023 19:19:22 +0000

Photography services provider Shutterfly is one of the most recent companies to fall prey to the Clop ransomware gang, although the company insists that consumer and staff data are not at risk. Clop ransomware operators have exploited critical vulnerabilities in the widely used MOVEit file transfer application to gain access to the computer networks of hundreds of businesses, many of them leaders in their respective sectors.

The large photographic provider Shutterfly, which is headquartered in California, is the latest company to be named on the data leak site run by Clop. The firm operates a number of other brands in addition to Shutterfly.com, including Spoonflower, Snapfish, Lifetouch, and Shutterfly Business Solutions (SBS).

This week, the Clop ransomware group published a blog in which they claimed that “the company does not care about its customers [and] it ignored their security!!!.”

However, in a statement, a spokesperson for Shutterfly strongly disagreed with this assessment.

“Shutterfly can confirm that it was one of the several firms that were vulnerable due to the MOVEit flaw.” According to the spokesperson, who spoke with the Cybernews site, Shutterfly’s enterprise division, Shutterfly Business Solutions (SBS), used the MOVEit platform for part of its operations.

“As soon as the company became aware of the vulnerability at the beginning of June, they moved quickly to take action. They immediately took the relevant systems offline, implemented patches that were provided by MOVEit, and started a forensics review of certain systems with the assistance of leading forensic firms.”

“After conducting an in-depth investigation with the assistance of a leading third-party forensics firm, we have no indication that any Shutterfly.com, Snapfish, Lifetouch, or Spoonflower consumer data or any employee information was impacted by the MOVEit vulnerability,” the spokesperson said.

It is not clear what information Clop intends to use to blackmail the photo giant. If Shutterfly has determined that customer data is secure, then the only leverage Clop may have is the company’s intellectual property, provided the group managed to obtain anything at all. Every week, the number of businesses whose systems have been compromised by Clop through unpatched MOVEit instances increases. MOVEit’s developer, Progress Software, warned in June that its file transfer platform contained a total of three vulnerabilities that malicious actors could exploit. The firm has made multiple resources available to IT administrators to help them mitigate the threat.

Anonymous hacker group say they stole 30 million Microsoft customer credentials
https://www.securitynewspaper.com/2023/07/05/anonymous-hacker-group-say-they-stole-30-million-microsoft-customer-credentials/
Wed, 05 Jul 2023 21:59:27 +0000

Anonymous Sudan, a group that engages in hacking and denial-of-service attacks, claims that it has stolen information from 30 million user accounts on Microsoft’s platform. Microsoft has refuted the claims.

At the beginning of this month, the hacking gang claimed that it had successfully attacked Microsoft and obtained a database holding information on more than 30 million Microsoft accounts, including passwords.

The gang advertised the information for sale on a Telegram channel, asking $50,000 for the whole database. The post contains a sample of the data consisting of one hundred credential pairs; however, the sample cannot be linked to the purported attack.

The following statement was released by the organization: “We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email, and passwords.”

Anonymous Sudan asks prospective buyers to contact its bot in order to negotiate. According to the findings, the group has been active since January 2023. It has carried out distributed denial-of-service attacks on critical infrastructure targets in nations such as Sweden, Australia, Germany, and Israel.

Microsoft has refuted the claims that a data breach occurred. Microsoft said that its analysis of the publicly available data led it to conclude that the claim was not credible and that the data provided was a compilation drawn from other sources.

Microsoft asserts that Anonymous Sudan assembled the data by merging previously compromised or stolen data sets with new information. A Microsoft spokesperson told the site that the company has not seen any evidence to suggest that user data was accessed or otherwise compromised.

Microsoft can investigate such claims using one of two primary approaches: it can examine the publicly released data to assess its authenticity, or it can investigate its own systems to establish whether or not a security breach took place. It is possible that Microsoft’s initial response was published quickly in order to discourage prospective buyers of the data.
