I discovered a huge charge on my credit card today that was about 40 times my usual Azure bill. It seems hackers managed to spin up a ton of virtual machines without my consent. I've already turned off all those VMs, removed all users aside from my main account, and submitted tickets pleading for help. How bad is my situation? Also, I'm aware that there may not be sympathy from Microsoft—if I cancel all payment methods and my credit card, what will happen, especially considering this is a business account with potentially $30,000 in charges?
3 Answers
Honestly, you should open a case with Microsoft and explain your situation. They might refund you as a goodwill gesture. But I can't help but wonder how someone managed to create that many VMs without your approval. How many did they actually spin up? And for how long? It sounds like a serious oversight.
Did you set up budget warnings or appropriate permissions for the users you had? MFA is required, but if someone got their hands on a client secret, things could go sideways easily. Just don't use those secrets unless necessary—it can lead to issues like this.
It's hard to believe you got hacked if you're using Azure, given that MFA is mandatory now. I mean, you must have missed something. Have you checked the sign-in logs? Microsoft can definitely see if there are any anomalies. If you don't come clean with them about what really happened, you might be in more trouble later. Even if you stop payments, they might send your debt to collections, which can be a headache. Just be honest with Microsoft, as they sometimes forgive charges for legitimate issues.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads