Hold Security is taking Microsoft to court for alleged misuse of supplied dark web data. The tech giant is said to have processed all data at its own discretion in violation of terms and conditions.
Hold Security is dragging the tech giant to US court for violating 2014 data-use agreements. At issue is data collected by the dark web security specialist. It pertains to a total of 360 million sets of login data.
Hold Security had provided Microsoft with this data on the condition that this stolen data would be compared only with the accounts of Microsoft end users. This allowed the tech giant to alert end users that their data was on the street. According to the contract, the data that would not match Microsoft accounts had to be deleted.
Conditions ignored
The security specialist said the tech giant did not abide by the terms. In creating the on-prem security token service Active Directory Federation Services (ADFS), Microsoft allegedly misused the Hold Security data unauthorized.
In addition, the tech giant allegedly used the data incorrectly and was unauthorized to manage its LinkedIn and GitHub services. According to the security specialist, these services were acquired after the deal in 2014 and thus were not part of the original agreement.
Furthermore, the tech giant allegedly seized historical data and made it available to third parties via the Edge browser. Last but not least, Microsoft reportedly launched a smear campaign against the security company when the (possible) misuse was agitated.
Microsoft’s response
In a response to The Register, the tech giant says it is in talks with Hold Security about the allegations. Microsoft further indicates that the points raised in the lawsuit did not violate the terms of the contract and therefore indicates that it intends to remove them.
Also read: Copyright lawsuit against GitHub, Microsoft and OpenAI continues