Microsoft Sued for Allegedly Misusing Stolen Passwords
A security firm has filed a lawsuit against Microsoft, alleging that the company misused a database of stolen passwords
Software giant Microsoft (MSFT) is being sued by cybersecurity firm Hold Security LLC, which claims that the company mishandled a vast database containing over 360 million logins and passwords. Hold Security alleges that Microsoft violated their contractual agreement by exceeding the agreed scope of use for the stolen account credentials. The lawsuit was filed in King County Superior Court in Washington state.
According to Hold Security, the firm provided Microsoft with access to the compromised emails and passwords in 2014 to help protect Microsoft customers. However, in subsequent years, Microsoft allegedly used the information beyond the agreed-upon purpose, including for the administration of Microsoft-owned LinkedIn and Github. Hold Security discovered the improper use in early 2021 and contacted Microsoft, but the tech company refused to adhere to the agreed scope of use.