iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A threat actor’s claims of a third-party data breach exposing Microsoft employees have been denied by Microsoft.
A threat actor named 888, who has claimed several high-profile victims in recent weeks, claimed to have stolen Microsoft employee data following an alleged “third-party data breach”, but Microsoft has raised doubts about the claim’s veracity.
888 made the claim in a 9 July post on a popular hacking forum, saying: “In July 2024, 2,073 Microsoft employees’ information were [sic] exposed after a third-party data breach.”
The threat actor said that the data included the following: first name, last name, job title, email, email verification status, direct phone number, corporate phone number, employees, industry, person LinkedIn URL, company website, person city, person state, person country, company phone number, email verification updated at, last updated time, and created time.
The post included a small selection of sample data that appeared to back up the claim, with the details of 10 alleged Microsoft employees – all from the company’s New Zealand office. However, the last two fields – last updated time and created time – were all dated September 2022.
When contacted by Cyber Daily, a spokesperson for Microsoft ANZ confirmed that the data was, in fact, outdated.
“We investigated and determined the data in question was outdated by several years and did not contain highly sensitive information such as passwords or credentials,” the spokesperson said. “To defend against potential attacks from the exposure of this kind of data, we continue to recommend following industry best practices to remain safe online.”
In addition, the spokesperson said that only the following data was in any way accurate: name, job title, email, LinkedIn URL, and location. The phone numbers were also found to be “identical generic company numbers”.
Cyber Daily’s own research confirmed that some of the individuals in the sample set are no longer Microsoft employees.
888 – who has made similarly debunked claims about Accenture recently – said they “breached” a third-party supplier, but the data looks likely to have been scraped from another database.
That said, at least one media outlet took the post at face value in an article headlined “Microsoft employees data leaked online via thrid-patry [sic] data breach – Exclusive!”
The article, posted on the Cyber Press website, went on to claim that its own researchers had confirmed the incident.
“The Cyber Press Research Team has validated the authenticity of the leaked data,” the article said. “Our researchers have confirmed that the exposed information is accurate and pertains to current Microsoft employees. This breach highlights the vulnerability of third-party vendors and the potential risks they pose to major corporations.”
The article refers to the data as “critical employee information” and shows a screenshot of another portion of the supposed leak – data that would only be available to someone who paid for it.
It also appears that at no time did anyone from Cyber Press reach out to Microsoft to confirm the data was accurate and current – which it clearly is not.
Admittedly, Microsoft has had some major security issues recently, most notably when it was revealed that a nation-state actor had accessed the details of thousands of US Defense Department employees earlier in the year, but in this case, there’s not much to back up 888’s grandiose claims.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
