Microsoft has been accused by cybersecurity company, Hold Security LLC, of violating the terms of their 2014 agreement by unlawfully using stolen login information. The accusing company has filed a lawsuit in the Supreme Court of the King in Seattle, Washington.
According to the agreement, Microsoft gained access to the Hold Security database, which stores compromised login details from the Darkweb, to ensure the safety of their customers. However, the accusing company claims that Microsoft misused the access given to them and used over 360 million stolen accounts for other purposes.
The lawsuit accuses Microsoft of not destroying data unrelated to them, as well as using the accounting data without permission to create its Active Directory Federal Services (ADFS), Github and LinkedIn administration. Furthermore, Microsoft is suspected to have intercepted historical data and shared them with third parties using the edge browser.
Hold Security discovered the breach in the agreement in 2021 after which they confronted Microsoft. The tech giant has responded by denying all accusations, calling out Hold Security for distorting the terms of the agreement and rejecting the claims made in the lawsuit.
“The purpose of the agreements between the parties was that Microsoft compares the received stolen accounts with their own data of their customers in order to notify users about compromise,” explained Hold Security. The company claims that Microsoft’s action was a breach of this vital agreement.
The lawsuit is expected to damage the reputation of Microsoft and also raise questions concerning the safety of their customers. It is unclear what the consequences of this lawsuit will be for both parties, but Microsoft is determined to achieve deviation of claims.