Writing in the Volish bog, the Digital Crimes Unit assistant general counsel, Steven Masada said the group used compromised accounts and unauthorized tools to generate harmful and illicit content, creating a platform for profit.

The lawsuit, filed against 10 unnamed defendants, alleges that three individuals orchestrated the service, which ran from July to September 2024 before being shut down by Microsoft.

They then compromised the legitimate accounts of paying customers and combined those two things to create a fee-based platform people could use. The service included tools and instructions for bypassing Microsoft’s AI guardrails, allowing users to create offensive and harmful material.

The hackers allegedly used a proxy server to relay traffic between customers and Microsoft’s AI servers. The proxy exploited undocumented network APIs to mimic legitimate Azure OpenAPI requests, using stolen API keys for authentication. These credentials were likely obtained through unauthorized network access or by searching code repositories where developers had inadvertently included sensitive data—a long-standing security issue Microsoft has warned against.

Microsoft’s legal complaint accuses the defendants of violating multiple laws, including the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, and the Racketeer Influenced and Corrupt Organisations (RICO) Act. Additional claims include wire fraud, access device fraud, common law trespass, and tortious interference.

In a statement, Microsoft emphasised its commitment to ensuring the safety and integrity of its AI services, describing the legal action as a necessary step to protect users. The lawsuit also names seven individuals alleged to have been customers of the service. While all defendants are currently listed as John Does, Microsoft continues to investigate their identities.