The lawsuit claims that Microsoft continued to utilize both matched and unmatched stolen account credentials for its own purposes, even though the agreement stipulated that non-Microsoft domain credentials would be destroyed. Hold Security further contends that Microsoft used the stolen account credentials without permission for an updated version of its Active Directory Federation Service, which enables federated identity and access management.
In response to the complaint, a Microsoft spokesperson stated that the claims in the lawsuit do not accurately reflect the terms of the contract. Microsoft has been in contact with Hold Security’s representatives in an attempt to resolve the dispute amicably. The spokesperson also mentioned that Microsoft plans to seek a dismissal of the claims and will provide further details in its forthcoming motion.
