Microsoft has filed a lawsuit against cybercriminals who bypassed security on its Azure OpenAI platform. The criminals are accused of using the service to generate harmful content.
Lawsuit Overview
In December 2024, Microsoft filed the lawsuit in Virginia, targeting ten unidentified individuals. These hackers, part of a foreign threat group, allegedly stole customer credentials. They then used custom software to access Microsoft’s AI services, including ChatGPT and DALL-E.
How the Hackers Gained Access
Azure OpenAI allows businesses to integrate OpenAI tools into their apps. For example, Microsoft powers services like GitHub Copilot through this platform. According to the lawsuit, the hackers stole credentials by scraping public websites. With this information, they bypassed security measures and gained unauthorized access.
Criminal Activities and Reselling Access
Once inside, the hackers modified the AI services to suit their needs. Subsequently, they resold access to others, providing detailed instructions on creating illegal content.
Content and Legal Actions
Although Microsoft did not disclose the specific content created, it confirmed that it violated company policies. Consequently, the lawsuit accuses the hackers of illegal access and causing significant damage. Microsoft is now seeking a court order to prevent further harm and stop the criminals from continuing their activities.
Seizing Evidence
Additionally, Microsoft aims to seize a website crucial to the criminal operation. Doing so will help gather evidence, identify the perpetrators, and dismantle the infrastructure supporting these illegal activities.
Strengthened Security
In response to the breach, Microsoft has already implemented stronger security measures. Furthermore, the company is working to ensure that future attacks are prevented and that its platform remains secure.
Violating US Laws
The hackers’ actions violated several US laws, including the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act. As a result, Microsoft is determined to hold those responsible accountable and prevent similar incidents from occurring again.