https://bit.ly/3CpYdgf - 🔒 Microsoft is being accused by cybersecurity company Hold Security for misusing its database of more than 360 million stolen credentials from the dark web, which Microsoft was granted access to in 2014. Hold's allegation is that Microsoft violated their agreement by using the data for more than just matching compromised accounts with Microsoft's customer accounts. #Cybersecurity #Microsoft #HoldSecurity ⚖️ According to the lawsuit filed by Hold, Microsoft was only allowed to match the stolen credentials against their customers' accounts to alert them of the potential compromise. Any data that didn't match was supposed to be untouched, while data related to accounts was meant to be deleted post-notification. However, the suit alleges that Microsoft did not stick to these terms. #CyberLaw #DataPrivacy 💼 The lawsuit suggests the misuse started four years into their partnership, stating that Microsoft "improperly and without authorization utilized stolen account credentials" in creating the Active Directory Federation Services (ADFS), a Microsoft on-prem security token service. #MicrosoftADFS #DataMisuse 🔎 Furthermore, the suit accuses Microsoft of "improperly and without authorization" using the stolen accounts for its administration of LinkedIn and GitHub. The suit also suggests that Microsoft made the historical data accessible to third parties through its Edge browser. The exact method by which this was accomplished remains unclear. #LinkedIn #GitHub #MicrosoftEdge ⚠️ Hold Security claims to have discovered in 2021 that Microsoft was "wrongfully retain[ing] stolen account credentials in contravention of the parties' agreement." It alleges that Microsoft refused to stick to the agreed scope of use and continued to utilize the accessed stolen account credentials for its own purposes. #DataProtection #UserSecurity 😡 The lawsuit also alleges a harassment campaign by Microsoft against Hold Security and its CEO Alex Holden when disputes began to arise. Hold's lawyers claim Microsoft directed its employees to cease collaboration with Hold following claims made by Holden criticizing Microsoft's takedown of the TrickBot network. #WorkplaceHarassment #BusinessDisputes 📧 In response, a Microsoft spokesperson stated, "Over the past several months, Microsoft has been in contact with Hold Security’s representatives in an effort to resolve amicably a dispute over the parties’ contractual relationship. Because the claims in the lawsuit do not accurately reflect the contract’s terms, Microsoft will be seeking a dismissal of the claims."