A global Microsoft outage on 30 July that affected video game Minecraft and email product Outlook was triggered by a distributed denial of service (DDoS) cyberattack, the tech giant has confirmed.
The news comes just two weeks after a CrowdStrike update caused 8.5 million computers to crash around the world.
The cyberattack on Microsoft also affected a number of companies and services including UK bank NatWest and the HM Courts and Tribunals Service.
What caused the latest Microsoft crash?
Starting on Tuesday (30 July) at 11:45am GMT, Microsoft said a “subset of customers may have experienced issues connecting to a subset of Microsoft services globally”.
Attackers targeted Microsoft with a DDoS attack, which meant they sent requests from a large array of different computers to a specific service to overload it.
The attackers specifically targeted Entra, a service that allows Microsoft users to log on to services. Without the use of this service, users were unable to log on.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataMicrosoft said it experienced an “unexpected usage spike” that saw Azure Front Door and Azure Content Delivery Network “performing below acceptable thresholds, leading to intermittent errors, timeout and latency spikes”.
However, although the cyberattack affected thousands of users, it was resolved within ten hours – much less time than the issues caused by CrowdStrike two weeks ago.
“We sincerely apologise for the inconvenience,” Microsoft said in a post on X.
Jake Moore, global cybersecurity advisor at ESET, said that seeing two major outages in such a short space of time “is unprecedented but maybe not entirely independent”.
“Cybercriminals are clearly testing their skill sets at greater lengths and businesses need to reflect on the amount of robust protection that is now required to hold off this next generation of attacks,” Moore said.