User loses 25 years of data after a Microsoft account hack, with no way back

jenic_1 pts1 comments

User loses 25 years of data after a Microsoft account hack, with no way back - Neowin

DEALS

Software

Gaming

Reviews

Guides

Hands On

Specs Appeal

Opinion

Windows 11

Write for us?

Send news tip

-->

As cloud storage replaced physical drives as our preferred medium for storing data, many users are under the impression that we moved on to a safer option. Cloud data can’t get damaged the same way a USB drive can, and nobody can physically steal it. However, a recent example shows that even when your data is stored in the cloud, it’s not always safe.

Streamer Joshua Khane recently went to X to say that Microsoft permanently suspended his account after it was compromised. This resulted in cutting access to 25 years of stored data along with his OneDrive files, including what he described as his son's baby photos.

This all happened after Joshua Khane’s account was hacked into, with the attacker changing all the relevant security data. Khane says Microsoft had acknowledged he was the account's rightful owner and that it had been hacked, yet still left him locked out rather than restoring access.

An email from Microsoft support states that the company’s protocols prevent staff from modifying or restoring accounts where security settings were altered. The email describes the suspension as permanent and necessary to prevent further misuse.

It also states that any content tied to the account, in Khane’s case Minecraft and photos, is unrecoverable. Microsoft instead recommended Khane purchase games and other services again on a new account. OneDrive files are described the same way, with Microsoft saying its own engineers can't retrieve them due to encryption and privacy safeguards.

Image: Joshua Khane / X.com

To put it simply, it looks like Khane has permanently lost access to his OneDrive account, and there’s no way to recover anything.

Users on social media quickly took Khane’s side, harshly criticizing Microsoft for its actions. Khane’s original post amassed over 2 million views in just 11 hours, and prompted people to come forward with reports about similar issues they had dealt with.

As unjust as this looks from the outside, Microsoft’s terms of service actually give the company grounds to do this. According to Microsoft's published OneDrive security information, every file is encrypted at rest with a unique AES256 key, and those keys are themselves encrypted using master keys stored in Azure Key Vault. It's Microsoft’s own architecture that makes sure content is unreachable once an account is locked out of its own recovery path.

Furthermore, Microsoft’s terms of service say that if the company suspects an account is at risk of fraudulent use following a hack, it may suspend the account and disable access to some or all of a user's content.

The Agreement itself doesn't state that this outcome is guaranteed to happen. In practice, though, severe cases like Khane's, where the attacker has already replaced the account's security settings, often make reclamation through Microsoft's standard recovery process effectively impossible.

That's likely how a suspension meant as a temporary safeguard ends up becoming permanent. Also, the terms mention that the suspension is in place until a user is able to confirm their identity. However, Khane never said he was offered a chance to confirm his identity.

Microsoft hasn’t publicly commented on the situation yet.

In reality, behind legal disclaimers, a person has lost access to years of stored data and “thousands of euros” in purchases, and that’s the biggest damage in this case. Maybe increased publicity could help Khane retrieve his content, just like it did for this Brazilian Xbox player.

Khane himself said that he didn’t properly secure his account prior to the attack. So, if your own Microsoft account isn’t properly secured, it’s highly recommended that you take the necessary steps, like enabling the 2-factor authentication, to avoid a case like this happening to you.

It's also worth mentioning that these are all real risks of renting someone else’s architecture, where we have no say in setting the rules. It’s as convenient as it is unforgiving.

Tags

Microsoft

Onedrive

Microsoft account

Security

Follow us onGoogle News

Add as a preferredsource on Google

Follow@NeowinFeed

Post

Like

Share

Share

Share

RSS

Report a problemwith this article

Related Stories

Get the Neowin newsletter

Subscribe

We'll send you a confirmation link. You can unsubscribe at any time.

🛍️ Shop on Amazon using our link:

shop at Amazon at no extra cost

☕️ Support us with a virtual coffee:

2.00 Dollars ($)<br>5.00 Dollars ($)<br>10.00 Dollars ($)<br>20.00 Dollars ($)<br>25.00 Dollars ($)<br>50.00 Dollars ($)<br>100.00 Dollars ($)

🏦 Or support us with a bank transfer

Community Activity

Refresh

UniFi Dream Router 7 & ZTE MC801A 5G

in<br>Smart Home, Network & Security

Plex are upping their Lifetime Pass to $750 from July 1st

in<br>Back Page News

Should YouTube transcript...

microsoft account khane data dollars security

Related Articles